+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.aaf.v2_0;\r
-\r
-import javax.servlet.http.HttpServletRequest ;\r
-\r
-import com.att.cadi.Lur;\r
-import com.att.cadi.TrustChecker;\r
-import com.att.cadi.aaf.AAFPermission;\r
-import com.att.cadi.principal.TrustPrincipal;\r
-import com.att.cadi.taf.TafResp;\r
-import com.att.cadi.taf.TrustNotTafResp;\r
-import com.att.cadi.taf.TrustTafResp;\r
-import com.att.inno.env.util.Split;\r
-\r
-public class AAFTrustChecker implements TrustChecker {\r
- private final String tag,type,instance,action;\r
- private Lur lur;\r
-\r
- /**\r
- * \r
- * Instance will be replaced by Identity\r
- * @param lur \r
- * \r
- * @param tag\r
- * @param perm\r
- */\r
- public AAFTrustChecker(final String tag, final String perm) {\r
- this.tag = tag;\r
- String[] split = Split.split('|', perm);\r
- this.type = split[0];\r
- this.instance = split[1];\r
- this.action = split[2];\r
- }\r
- \r
- /* (non-Javadoc)\r
- * @see com.att.cadi.TrustChecker#setLur(com.att.cadi.Lur)\r
- */\r
- @Override\r
- public void setLur(Lur lur) {\r
- this.lur = lur;\r
- }\r
-\r
- @Override\r
- public TafResp mayTrust(TafResp tresp, HttpServletRequest req) {\r
- String user_info = req.getHeader(tag);\r
- if(user_info !=null ) {\r
- String[] info = Split.split(',', user_info);\r
- if(info.length>0) {\r
- String[] flds = Split.split(':',info[0]);\r
- if(flds.length>3 && "AS".equals(flds[3])) { // is it set for "AS"\r
- if(!tresp.getPrincipal().getName().equals(flds[0])) { // We do trust ourselves, if a trust entry is made with self\r
- if(lur.fish(tresp.getPrincipal(), new AAFPermission(type,instance,action))) {\r
- return new TrustTafResp(tresp,\r
- new TrustPrincipal(tresp.getPrincipal(), flds[0]),\r
- " " + flds[0] + " validated using " + flds[2] + " by " + flds[1] + ','\r
- );\r
- } else {\r
- return new TrustNotTafResp(tresp, " " + tresp.getPrincipal().getName() + \r
- " requested identity change to " + flds[0] + ", but does not have Authorization");\r
- }\r
- }\r
- }\r
- }\r
- }\r
-\r
- return tresp;\r
- }\r
-\r
-}\r