- /* (non-Javadoc)
- * @see org.onap.aaf.cadi.Lur#fish(java.security.Principal, org.onap.aaf.cadi.Permission)
- */
- @Override
- public boolean fish(Principal bait, Permission pond) {
- TokenPerm tp;
- if(bait instanceof OAuth2Principal) {
- OAuth2Principal oa2p = (OAuth2Principal)bait;
- tp = oa2p.tokenPerm();
- } else {
- tp=null;
- }
- if(tp==null) {
- // if no Token Perm preset, get
- try {
- Pooled<TokenClient> tcp = tokenClientPool.get();
- try {
- TokenClient tc = tcp.content;
- tc.username(bait.getName());
- Result<TimedToken> rtt = tc.getToken(Kind.getKind(bait),tc.defaultScope());
- if(rtt.isOK()) {
- Result<TokenPerm> rtp = tkMgr.get(rtt.value.getAccessToken(), bait.getName().getBytes());
- if(rtp.isOK()) {
- tp = rtp.value;
- }
- }
- } finally {
- tcp.done();
- }
- } catch (APIException | LocatorException | CadiException e) {
- access.log(Level.ERROR, "Unable to Get a Token: " + e.getMessage());
- }
- }
- if(tp!=null) {
- if(tkMgr.access.willLog(Level.DEBUG)) {
- StringBuilder sb = new StringBuilder("AAF Permissions for user ");
- sb.append(bait.getName());
- sb.append(", from token ");
- sb.append(tp.get().getAccessToken());
- for (AAFPermission p : tp.perms()) {
- sb.append("\n\t");
- sb.append(p.getName());
- sb.append('|');
- sb.append(p.getInstance());
- sb.append('|');
- sb.append(p.getAction());
- }
- sb.append('\n');
- access.log(Level.DEBUG, sb);
- }
- for (AAFPermission p : tp.perms()) {
- if (p.match(pond)) {
- return true;
- }
- }
- }
- return false;
- }
+ /* (non-Javadoc)
+ * @see org.onap.aaf.cadi.Lur#fish(java.security.Principal, org.onap.aaf.cadi.Permission)
+ */
+ @Override
+ public boolean fish(Principal bait, Permission ... pond) {
+ TokenPerm tp;
+ if (bait instanceof OAuth2Principal) {
+ OAuth2Principal oa2p = (OAuth2Principal)bait;
+ tp = oa2p.tokenPerm();
+ } else {
+ tp=null;
+ }
+ if (tp==null) {
+ // if no Token Perm preset, get
+ try {
+ Pooled<TokenClient> tcp = tokenClientPool.get();
+ try {
+ TokenClient tc = tcp.content;
+ tc.username(bait.getName());
+ Set<String> scopeSet = new HashSet<>();
+ scopeSet.add(tc.defaultScope());
+ AAFPermission ap;
+ for (Permission p : pond) {
+ if (p instanceof AAFPermission) {
+ ap = (AAFPermission)p;
+ scopeSet.add(ap.getNS());
+ }
+ }
+ String[] scopes = new String[scopeSet.size()];
+ scopeSet.toArray(scopes);
+
+ Result<TimedToken> rtt = tc.getToken(Kind.getKind(bait),scopes);
+ if (rtt.isOK()) {
+ Result<TokenPerm> rtp = tkMgr.get(rtt.value.getAccessToken(), bait.getName().getBytes());
+ if (rtp.isOK()) {
+ tp = rtp.value;
+ }
+ }
+ } finally {
+ tcp.done();
+ }
+ } catch (APIException | LocatorException | CadiException e) {
+ access.log(e, "Unable to Get a Token");
+ }
+ }
+
+ boolean rv = false;
+ if (tp!=null) {
+ if (tkMgr.access.willLog(Level.DEBUG)) {
+ StringBuilder sb = new StringBuilder("AAF Permissions for user ");
+ sb.append(bait.getName());
+ sb.append(", from token ");
+ sb.append(tp.get().getAccessToken());
+ for (AAFPermission p : tp.perms()) {
+ sb.append("\n\t[");
+ sb.append(p.getNS());
+ sb.append(']');
+ sb.append(p.getType());
+ sb.append('|');
+ sb.append(p.getInstance());
+ sb.append('|');
+ sb.append(p.getAction());
+ }
+ sb.append('\n');
+ access.log(Level.DEBUG, sb);
+ }
+ for (Permission p : pond) {
+ if (rv) {
+ break;
+ }
+ for (AAFPermission perm : tp.perms()) {
+ if (rv=perm.match(p)) {
+ break;
+ }
+ }
+ }
+ }
+ return rv;
+ }
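Review bot: The DEBUG dump at the `sb.append(tp.get().getAccessToken());` line writes the user's full OAuth2 access token into the log, and the new code keeps that: the same value was just passed to `tkMgr.get` as a credential, so anyone with log access can reuse it. Drop the token from the message or log a non-reusable form, e.g. replace that line with `sb.append("[redacted]");` or omit the `", from token "` segment altogether. On the `tkMgr.get(rtt.value.getAccessToken(), bait.getName().getBytes())` line, `getBytes()` uses the platform default charset, so the key bytes handed to the token manager can differ between JVM configurations; `bait.getName().getBytes(StandardCharsets.UTF_8)` pins it (the import block is outside the hunk). The scope loop adds `ap.getNS()` to `scopeSet` without a null or blank check, and `HashSet` accepts `null`, so a permission with no namespace would end up as a null entry in `scopes` passed to `getToken` — worth guarding if `getNS()` can be null. No `@@` header is visible, so the hunk may extend beyond the lines shown.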