+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.example;\r
-\r
-import java.security.Principal;\r
-import java.util.ArrayList;\r
-import java.util.List;\r
-\r
-import org.onap.aaf.cadi.Permission;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.aaf.AAFPermission;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFCon;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFConDME2;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;\r
-\r
-public class JU_ExamplePerm2_0 {\r
- public static void main(String args[]) {\r
-\r
- // Link or reuse to your Logging mechanism\r
- PropAccess myAccess = new PropAccess(); \r
- \r
- // \r
- try {\r
- AAFCon<?> acon = new AAFConDME2(myAccess);\r
- \r
- // AAFLur has pool of DME clients as needed, and Caches Client lookups\r
- AAFLurPerm aafLur = acon.newLur();\r
- \r
- // Note: If you need both Authn and Authz construct the following:\r
- AAFAuthn<?> aafAuthn = acon.newAuthn(aafLur);\r
-\r
- // Do not set Mech ID until after you construct AAFAuthn,\r
- // because we initiate "401" info to determine the Realm of \r
- // of the service we're after.\r
- acon.basicAuth("mc0897@aaf.att.com", "XXXXXX");\r
-\r
- try {\r
- \r
- // Normally, you obtain Principal from Authentication System.\r
- // For J2EE, you can ask the HttpServletRequest for getUserPrincipal()\r
- // If you use CADI as Authenticator, it will get you these Principals from\r
- // CSP or BasicAuth mechanisms.\r
- String id = "mc0897@aaf.att.com"; //"cluster_admin@gridcore.att.com";\r
-\r
- // If Validate succeeds, you will get a Null, otherwise, you will a String for the reason.\r
- String ok = aafAuthn.validate(id, "XXXXXX");\r
- if(ok!=null)System.out.println(ok);\r
- \r
- ok = aafAuthn.validate(id, "wrongPass");\r
- if(ok!=null)System.out.println(ok);\r
-\r
-\r
- // AAF Style permissions are in the form\r
- // Type, Instance, Action \r
- AAFPermission perm = new AAFPermission("com.att.grid.core.coh",":dev_cluster", "WRITE");\r
- \r
- // Now you can ask the LUR (Local Representative of the User Repository about Authorization\r
- // With CADI, in J2EE, you can call isUserInRole("com.att.mygroup|mytype|write") on the Request Object \r
- // instead of creating your own LUR\r
- System.out.println("Does " + id + " have " + perm);\r
- if(aafLur.fish(id, perm)) {\r
- System.out.println("Yes, you have permission");\r
- } else {\r
- System.out.println("No, you don't have permission");\r
- }\r
-\r
- System.out.println("Does Bogus have " + perm);\r
- if(aafLur.fish("Bogus", perm)) {\r
- System.out.println("Yes, you have permission");\r
- } else {\r
- System.out.println("No, you don't have permission");\r
- }\r
-\r
- // Or you can all for all the Permissions available\r
- List<Permission> perms = new ArrayList<Permission>();\r
- \r
- aafLur.fishAll(id,perms);\r
- for(Permission prm : perms) {\r
- System.out.println(prm.getKey());\r
- }\r
- \r
- // It might be helpful in some cases to clear the User's identity from the Cache\r
- aafLur.remove(id);\r
- } finally {\r
- aafLur.destroy();\r
- }\r
- } catch (Exception e) {\r
- e.printStackTrace();\r
- }\r
-\r
- }\r
-}\r
Code Review / aaf / cadi.git / blobdiff