- protected User<AAFPermission> loadUser(final Principal principal) {
- final String name = principal.getName();
-// // Note: The rules for AAF is that it only stores permissions for ATTUID and MechIDs, which don't
-// // have domains. We are going to make the Transitive Class (see this.transmutative) to convert
-// final Principal tp = principal; //transmutate.mutate(principal);
-// if(tp==null) {
-// return null; // if not a valid Transmutated credential, don't bother calling...
-// }
-// TODO Create a dynamic way to declare domains supported.
- final long start = System.nanoTime();
- final boolean[] success = new boolean[]{false};
-
-// new Exception("loadUser").printStackTrace();
- try {
- return aaf.best(new Retryable<User<AAFPermission>>() {
- @Override
- public User<AAFPermission> code(Rcli<?> client) throws CadiException, ConnectException, APIException {
- Future<Perms> fp = client.read("/authz/perms/user/"+name,aaf.permsDF);
-
- // In the meantime, lookup User, create if necessary
- User<AAFPermission> user = getUser(principal);
- Principal p;
- if(user!=null && user.principal == null) {
- p = new Principal() {// Create a holder for lookups
- private String n = name;
- public String getName() {
- return n;
- }
- };
- } else {
- p = principal;
- }
-
- if(user==null) {
- addUser(user = new User<AAFPermission>(p,aaf.userExpires)); // no password
- }
-
- // OK, done all we can, now get content
- if(fp.get(aaf.timeout)) {
- success[0]=true;
- Map<String, Permission> newMap = user.newMap();
- boolean willLog = aaf.access.willLog(Level.DEBUG);
- for(Perm perm : fp.value.getPerm()) {
- user.add(newMap,new AAFPermission(perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
- if(willLog) {
- aaf.access.log(Level.DEBUG, name,"has '",perm.getType(),'|',perm.getInstance(),'|',perm.getAction(),'\'');
- }
- }
- user.setMap(newMap);
- } else {
- int code;
- switch(code=fp.code()) {
- case 401:
- aaf.access.log(Access.Level.ERROR, code, "Unauthorized to make AAF calls");
- break;
- case 404:
- user.setNoPerms();
- break;
- default:
- aaf.access.log(Access.Level.ERROR, code, fp.body());
- }
- }
+ final boolean[] success = new boolean[]{false};
+
+ try {
+ return aaf.best(new Retryable<User<AAFPermission>>() {
+ @Override
+ public User<AAFPermission> code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ final long remoteStart = System.nanoTime();
+ StringBuilder sb = new StringBuilder("/authz/perms/user/");
+ sb.append(name);
+ if(details) {
+ sb.append("?force");
+ }
+ Future<Perms> fp = client.read(sb.toString(),aaf.permsDF);
+
+ // In the meantime, lookup User, create if necessary
+ User<AAFPermission> user = getUser(principal);
+ Principal p;
+ if (user!=null && user.principal == null) {
+ p = new Principal() {// Create a holder for lookups
+ private String n = name;
+ public String getName() {
+ return n;
+ }
+ };
+ } else {
+ p = principal;
+ }
+
+ if (user==null) {
+ addUser(user = new User<AAFPermission>(p,aaf.userExpires)); // no password
+ }
+
+ // OK, done all we can, now get content
+ boolean ok = fp.get(aaf.timeout);
+ remote.set(Timing.millis(remoteStart));
+ if (ok) {
+ success[0]=true;
+ Map<String, Permission> newMap = user.newMap();
+ boolean willLog = aaf.access.willLog(Level.DEBUG);
+ for (Perm perm : fp.value.getPerm()) {
+ user.add(newMap,new AAFPermission(perm.getNs(),perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
+ if (willLog) {
+ aaf.access.log(Level.DEBUG, name,"has '",perm.getType(),'|',perm.getInstance(),'|',perm.getAction(),'\'');
+ }
+ }
+ user.setMap(newMap);
+ } else {
+ int code;
+ switch(code=fp.code()) {
+ case 401:
+ aaf.access.log(Access.Level.ERROR, code, "Unauthorized to make AAF calls");
+ break;
+ case 404:
+ user.setNoPerms();
+ break;
+ default:
+ aaf.access.log(Access.Level.ERROR, code, fp.body());
+ }
+ }