+ private static final String ORG_OSAAF_CADI_OAUTH_O_AUTH2_LUR = "org.osaaf.cadi.oauth.OAuth2Lur";
+
+ /**
+ * Need to be able to transmutate a Principal into either Person or AppID, which are the only ones accepted at this
+ * point by AAF. There is no "domain", aka, no "@att.com" in "ab1234@att.com".
+ *
+ * The only thing that matters here for AAF is that we don't waste calls with IDs that obviously aren't valid.
+ * Thus, we validate that the ID portion follows the rules before we waste time accessing AAF remotely
+ * @throws APIException
+ * @throws URISyntaxException
+ * @throws DME2Exception
+ */
+ // Package on purpose
+ AAFLurPerm(AAFCon<?> con) throws CadiException, APIException {
+ super(con);
+ attachOAuth2(con);
+ }
+
+ // Package on purpose
+ AAFLurPerm(AAFCon<?> con, AbsUserCache<AAFPermission> auc) throws APIException {
+ super(con,auc);
+ attachOAuth2(con);
+ }
+
+ private void attachOAuth2(AAFCon<?> con) throws APIException {
+ String oauth2_url;
+ Class<?> tmcls = Config.loadClass(access,"org.osaaf.cadi.oauth.TokenMgr");
+ if (tmcls!=null) {
+ if ((oauth2_url = con.access.getProperty(Config.CADI_OAUTH2_URL,null))!=null) {
+ try {
+ Constructor<?> tmconst = tmcls.getConstructor(AAFCon.class,String.class);
+ Object tokMangr = tmconst.newInstance(con,oauth2_url);
+ @SuppressWarnings("unchecked")
+ Class<Lur> oa2cls = (Class<Lur>)Config.loadClass(access,ORG_OSAAF_CADI_OAUTH_O_AUTH2_LUR);
+ Constructor<Lur> oa2const = oa2cls.getConstructor(tmcls);
+ Lur oa2 = oa2const.newInstance(tokMangr);
+ setPreemptiveLur(oa2);
+ } catch (NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
+ throw new APIException(e);
+ }
+ } else {
+ access.log(Level.INIT, "Both cadi-oauth jar and Property",Config.CADI_OAUTH2_URL,"is required to initialize OAuth2");
+ }
+ }
+ }
+
+ protected User<AAFPermission> loadUser(final Principal principal) {
+ final String name = principal.getName();
+ final long start = System.nanoTime();
+ final Holder<Float> remote = new Holder<Float>(0f);
+
+ final boolean[] success = new boolean[]{false};
+
+ try {
+ return aaf.best(new Retryable<User<AAFPermission>>() {
+ @Override
+ public User<AAFPermission> code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ final long remoteStart = System.nanoTime();
+ StringBuilder sb = new StringBuilder("/authz/perms/user/");
+ sb.append(name);
+ if(details) {
+ sb.append("?force");
+ }
+ Future<Perms> fp = client.read(sb.toString(),aaf.permsDF);
+
+ // In the meantime, lookup User, create if necessary
+ User<AAFPermission> user = getUser(principal);
+ Principal p;
+ if (user!=null && user.principal == null) {
+ p = new Principal() {// Create a holder for lookups
+ private String n = name;
+ public String getName() {
+ return n;
+ }
+ };
+ } else {
+ p = principal;
+ }