*/
package org.openecomp.policy.xacml.std.pip.engines.aaf;
+import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import com.att.research.xacml.std.pip.StdPIPRequest;
import com.att.research.xacml.std.pip.StdPIPResponse;
import com.att.research.xacml.std.pip.engines.StdConfigurableEngine;
+import com.att.research.xacml.util.XACMLProperties;
/**
* PIP Engine for Implementing {@link com.att.research.xacml.std.pip.engines.ConfigurableEngine} interface to provide
- * attribute retrieval from AT&T AAF interface.
+ * attribute retrieval from AAF interface.
*
* @version $Revision$
*/
public class AAFEngine extends StdConfigurableEngine {
- public static final String DEFAULT_DESCRIPTION = "PIP for authenticating aaf attributes using the AT&T AAF REST interface";
- public static final String DEFAULT_ISSUER = "att-aaf";
+ public static final String DEFAULT_DESCRIPTION = "PIP for authenticating aaf attributes using the AAF REST interface";
+ public static final String DEFAULT_ISSUER = "aaf";
private static final String SUCCESS = "Success";
private static final PIPRequest PIP_REQUEST_TYPE = new StdPIPRequest(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, new IdentifierImpl("AAF_TYPE"), XACML3.ID_DATATYPE_STRING);
private static final PIPRequest PIP_REQUEST_INSTANCE = new StdPIPRequest(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, new IdentifierImpl("AAF_INSTANCE"), XACML3.ID_DATATYPE_STRING);
private static final PIPRequest PIP_REQUEST_ACTION = new StdPIPRequest(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, new IdentifierImpl("AAF_ACTION"), XACML3.ID_DATATYPE_STRING);
- private static final PIPRequest PIP_REQUEST_ENV = new StdPIPRequest(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, new IdentifierImpl("AAF_ENVIRONMENT"), XACML3.ID_DATATYPE_STRING);
- private static final List<PIPRequest> mapRequiredAttributes = new ArrayList<PIPRequest>();
+ private static final List<PIPRequest> mapRequiredAttributes = new ArrayList<>();
static{
mapRequiredAttributes.add(new StdPIPRequest(PIP_REQUEST_UID));
mapRequiredAttributes.add(new StdPIPRequest(PIP_REQUEST_PASS));
mapRequiredAttributes.add(new StdPIPRequest(PIP_REQUEST_TYPE));
mapRequiredAttributes.add(new StdPIPRequest(PIP_REQUEST_INSTANCE));
mapRequiredAttributes.add(new StdPIPRequest(PIP_REQUEST_ACTION));
- mapRequiredAttributes.add(new StdPIPRequest(PIP_REQUEST_ENV));
}
- private static final Map<PIPRequest, String> mapSupportedAttributes = new HashMap<PIPRequest, String>();
+ private static final Map<PIPRequest, String> mapSupportedAttributes = new HashMap<>();
static{
mapSupportedAttributes.put(new StdPIPRequest(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, AAF_RESPONSE_ID, XACML3.ID_DATATYPE_STRING), "response");
mapSupportedAttributes.put(new StdPIPRequest(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, AAF_RESULT_ID, XACML3.ID_DATATYPE_BOOLEAN), "result");
protected Log logger = LogFactory.getLog(this.getClass());
public AAFEngine(){
+ //default constructor
}
private PIPResponse getAttribute(PIPRequest pipRequest, PIPFinder pipFinder) {
this.logger.warn("Error retrieving " + pipRequest.getAttributeId().stringValue() + ": " + pipResponse.getStatus().toString());
pipResponse = null;
}
- if (pipResponse.getAttributes().size() == 0) {
+ if (pipResponse != null && pipResponse.getAttributes().isEmpty()) {
this.logger.warn("No value for " + pipRequest.getAttributeId().stringValue());
pipResponse = null;
}
PIPResponse pipResponseType = this.getAttribute(PIP_REQUEST_TYPE, pipFinder);
PIPResponse pipResponseAction = this.getAttribute(PIP_REQUEST_ACTION, pipFinder);
PIPResponse pipResponseInstance = this.getAttribute(PIP_REQUEST_INSTANCE, pipFinder);
- PIPResponse pipResponseEnv = this.getAttribute(PIP_REQUEST_ENV, pipFinder);
String response = null;
// Evaluate AAF if we have all the required values.
- if(pipResponseUID!=null && pipResponsePass!=null && pipResponseType != null && pipResponseAction!= null && pipResponseInstance!=null && pipResponseEnv!=null){
- // Check the Environment.
- String environment = getValue(pipResponseEnv);
- if(environment == null){
- response = "Environment Value is not set. ";
- }
+ if(pipResponseUID!=null && pipResponsePass!=null && pipResponseType != null && pipResponseAction!= null && pipResponseInstance!=null){
String userName = getValue(pipResponseUID);
String pass = getValue(pipResponsePass);
+
AAFPolicyClient aafClient = null;
- Properties properties = new Properties();
- if(environment.equalsIgnoreCase("PROD")){
- properties.setProperty("ENVIRONMENT", "PROD");
- }else if(environment.equalsIgnoreCase("TEST")){
- properties.setProperty("ENVIRONMENT", "TEST");
- }else{
- properties.setProperty("ENVIRONMENT", "DEVL");
- }
- logger.debug("environment : " + environment);
+ Properties properties;
+ try {
+ properties = XACMLProperties.getProperties();
+ logger.debug("environment : " + properties.getProperty("ENVIRONMENT"));
+ } catch (IOException e1) {
+ logger.error("Exception while getting the properties " + e1);
+ properties = new Properties();
+ properties.setProperty("AAF_LOG_LEVEL", "DEBUG");
+ }
if(userName!=null && pass!=null){
try {
aafClient = AAFPolicyClient.getInstance(properties);
} catch (AAFPolicyException e) {
- logger.error("AAF configuration failed. " + e.getMessage());
+ logger.error("AAF configuration failed. " + e.getMessage() +e);
}
if(aafClient!=null){
if(aafClient.checkAuth(userName, pass)){
* First check to see if the issuer is set and then match it
*/
String string;
- if ((string = pipRequest.getIssuer()) != null) {
- if (!string.equals(this.getIssuer())) {
- this.logger.debug("Requested issuer '" + string + "' does not match " + (this.getIssuer() == null ? "null" : "'" + this.getIssuer() + "'"));
- return StdPIPResponse.PIP_RESPONSE_EMPTY;
- }
+
+ if((string = pipRequest.getIssuer()) != null && !string.equals(this.getIssuer())) {
+ this.logger.debug("Requested issuer '" + string + "' does not match " + (this.getIssuer() == null ? "null" : "'" + this.getIssuer() + "'"));
+ return StdPIPResponse.PIP_RESPONSE_EMPTY;
}
-
+
+
/*
* Drop the issuer and see if the request matches any of our supported queries
*/
StdMutablePIPResponse stdPIPResponse = new StdMutablePIPResponse();
String response = this.getResult(pipFinder);
boolean result = false;
- if(response.contains(SUCCESS)){
+ if(response != null && response.contains(SUCCESS)){
result = true;
}
this.addBooleanAttribute(stdPIPResponse, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, AAF_RESULT_ID, result);
@Override
public Collection<PIPRequest> attributesRequired() {
- List<PIPRequest> attributes = new ArrayList<PIPRequest>();
+ List<PIPRequest> attributes = new ArrayList<>();
for (PIPRequest attribute: mapRequiredAttributes) {
attributes.add(new StdPIPRequest(attribute));
}
@Override
public Collection<PIPRequest> attributesProvided() {
- List<PIPRequest> attributes = new ArrayList<PIPRequest>();
+ List<PIPRequest> attributes = new ArrayList<>();
for (PIPRequest attribute : mapSupportedAttributes.keySet()) {
attributes.add(new StdPIPRequest(attribute));
}
return attributes;
}
-}
+}
\ No newline at end of file
Code Review / policy / engine.git / blobdiff