/**
* PIP Engine for Implementing {@link com.att.research.xacml.std.pip.engines.ConfigurableEngine} interface to provide
- * attribute retrieval from AT&T AAF interface.
+ * attribute retrieval from AAF interface.
*
* @version $Revision$
*/
public class AAFEngine extends StdConfigurableEngine {
- public static final String DEFAULT_DESCRIPTION = "PIP for authenticating aaf attributes using the AT&T AAF REST interface";
- public static final String DEFAULT_ISSUER = "att-aaf";
+ public static final String DEFAULT_DESCRIPTION = "PIP for authenticating aaf attributes using the AAF REST interface";
+ public static final String DEFAULT_ISSUER = "aaf";
private static final String SUCCESS = "Success";
private static final PIPRequest PIP_REQUEST_INSTANCE = new StdPIPRequest(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, new IdentifierImpl("AAF_INSTANCE"), XACML3.ID_DATATYPE_STRING);
private static final PIPRequest PIP_REQUEST_ACTION = new StdPIPRequest(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, new IdentifierImpl("AAF_ACTION"), XACML3.ID_DATATYPE_STRING);
- private static final List<PIPRequest> mapRequiredAttributes = new ArrayList<PIPRequest>();
+ private static final List<PIPRequest> mapRequiredAttributes = new ArrayList<>();
static{
mapRequiredAttributes.add(new StdPIPRequest(PIP_REQUEST_UID));
mapRequiredAttributes.add(new StdPIPRequest(PIP_REQUEST_PASS));
mapRequiredAttributes.add(new StdPIPRequest(PIP_REQUEST_ACTION));
}
- private static final Map<PIPRequest, String> mapSupportedAttributes = new HashMap<PIPRequest, String>();
+ private static final Map<PIPRequest, String> mapSupportedAttributes = new HashMap<>();
static{
mapSupportedAttributes.put(new StdPIPRequest(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, AAF_RESPONSE_ID, XACML3.ID_DATATYPE_STRING), "response");
mapSupportedAttributes.put(new StdPIPRequest(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, AAF_RESULT_ID, XACML3.ID_DATATYPE_BOOLEAN), "result");
protected Log logger = LogFactory.getLog(this.getClass());
public AAFEngine(){
+ //default constructor
}
private PIPResponse getAttribute(PIPRequest pipRequest, PIPFinder pipFinder) {
this.logger.warn("Error retrieving " + pipRequest.getAttributeId().stringValue() + ": " + pipResponse.getStatus().toString());
pipResponse = null;
}
- if (pipResponse.getAttributes().size() == 0) {
+ if (pipResponse != null && pipResponse.getAttributes().isEmpty()) {
this.logger.warn("No value for " + pipRequest.getAttributeId().stringValue());
pipResponse = null;
}
if(pipResponseUID!=null && pipResponsePass!=null && pipResponseType != null && pipResponseAction!= null && pipResponseInstance!=null){
String userName = getValue(pipResponseUID);
String pass = getValue(pipResponsePass);
+
AAFPolicyClient aafClient = null;
Properties properties;
try {
try {
aafClient = AAFPolicyClient.getInstance(properties);
} catch (AAFPolicyException e) {
- logger.error("AAF configuration failed. " + e.getMessage());
+ logger.error("AAF configuration failed. " + e.getMessage() +e);
}
if(aafClient!=null){
if(aafClient.checkAuth(userName, pass)){
* First check to see if the issuer is set and then match it
*/
String string;
- if ((string = pipRequest.getIssuer()) != null) {
- if (!string.equals(this.getIssuer())) {
- this.logger.debug("Requested issuer '" + string + "' does not match " + (this.getIssuer() == null ? "null" : "'" + this.getIssuer() + "'"));
- return StdPIPResponse.PIP_RESPONSE_EMPTY;
- }
+
+ if((string = pipRequest.getIssuer()) != null && !string.equals(this.getIssuer())) {
+ this.logger.debug("Requested issuer '" + string + "' does not match " + (this.getIssuer() == null ? "null" : "'" + this.getIssuer() + "'"));
+ return StdPIPResponse.PIP_RESPONSE_EMPTY;
}
-
+
+
/*
* Drop the issuer and see if the request matches any of our supported queries
*/
StdMutablePIPResponse stdPIPResponse = new StdMutablePIPResponse();
String response = this.getResult(pipFinder);
boolean result = false;
- if(response.contains(SUCCESS)){
+ if(response != null && response.contains(SUCCESS)){
result = true;
}
this.addBooleanAttribute(stdPIPResponse, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, AAF_RESULT_ID, result);
@Override
public Collection<PIPRequest> attributesRequired() {
- List<PIPRequest> attributes = new ArrayList<PIPRequest>();
+ List<PIPRequest> attributes = new ArrayList<>();
for (PIPRequest attribute: mapRequiredAttributes) {
attributes.add(new StdPIPRequest(attribute));
}
@Override
public Collection<PIPRequest> attributesProvided() {
- List<PIPRequest> attributes = new ArrayList<PIPRequest>();
+ List<PIPRequest> attributes = new ArrayList<>();
for (PIPRequest attribute : mapSupportedAttributes.keySet()) {
attributes.add(new StdPIPRequest(attribute));
}