import org.onap.aaf.auth.dao.cass.CacheInfoDAO;
import org.onap.aaf.auth.dao.cass.CertDAO;
import org.onap.aaf.auth.dao.cass.CredDAO;
+import org.onap.aaf.auth.dao.cass.CredDAO.Data;
import org.onap.aaf.auth.dao.cass.DelegateDAO;
import org.onap.aaf.auth.dao.cass.FutureDAO;
import org.onap.aaf.auth.dao.cass.HistoryDAO;
import org.onap.aaf.auth.dao.cass.RoleDAO;
import org.onap.aaf.auth.dao.cass.Status;
import org.onap.aaf.auth.dao.cass.UserRoleDAO;
-import org.onap.aaf.auth.dao.cass.CredDAO.Data;
import org.onap.aaf.auth.env.AuthzTrans;
-import org.onap.aaf.auth.env.AuthzTransFilter;
import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE;
+import org.onap.aaf.auth.env.AuthzTransFilter;
import org.onap.aaf.auth.layer.Result;
import org.onap.aaf.auth.org.Organization;
import org.onap.aaf.cadi.Hash;
nss = null;
} else {
// Setup a TreeSet to check on Namespaces to
- nss = new TreeSet<String>();
+ nss = new TreeSet<>();
PermLookup fUser = PermLookup.get(trans, this, forUser);
Result<Set<String>> forUpn = fUser.getPermNames();
if(forUpn.notOK()) {
}
}
- List<PermDAO.Data> rlpUser = new ArrayList<PermDAO.Data>();
+ List<PermDAO.Data> rlpUser = new ArrayList<>();
Result<PermDAO.Data> rpdd;
PermDAO.Data pdd;
for(String pn : plPermNames.value) {
return Result.err(rlrd);
}
// Using Set to avoid duplicates
- Set<String> permNames = new HashSet<String>();
+ Set<String> permNames = new HashSet<>();
if (rlrd.isOKhasData()) {
for (RoleDAO.Data drr : rlrd.value) {
permNames.addAll(drr.perms(false));
// Note: It should be ok for a Valid user to have no permissions -
// Jonathan 8/12/2013
- List<PermDAO.Data> perms = new ArrayList<PermDAO.Data>();
+ List<PermDAO.Data> perms = new ArrayList<>();
for (String perm : permNames) {
Result<PermDAO.Data> pr = PermDAO.Data.decode(trans, this, perm);
if (pr.notOK()) {
*
* Given a Child Namespace, figure out what the best Namespace parent is.
*
- * For instance, if in the NS table, the parent "com.att" exists, but not
+ * For instance, if in the NS table, the parent "org.osaaf" exists, but not
* "org.osaaf.child" or "org.osaaf.a.b.c", then passing in either
- * "org.osaaf.child" or "org.osaaf.a.b.c" will return "com.att"
+ * "org.osaaf.child" or "org.osaaf.a.b.c" will return "org.osaaf"
*
* Uses recursive search on Cached DAO data
*
// Bug noticed 6/22. Sorting on the result can cause Concurrency Issues.
List<CredDAO.Data> cddl;
if(result.value.size() > 1) {
- cddl = new ArrayList<CredDAO.Data>(result.value.size());
+ cddl = new ArrayList<>(result.value.size());
for(CredDAO.Data old : result.value) {
if(old.type==CredDAO.BASIC_AUTH || old.type==CredDAO.BASIC_AUTH_SHA256) {
cddl.add(old);
checkLessThanDays(trans,7,now,cdd);
return Result.ok(cdd.expires);
} else if (debug!=null) {
- load(debug, cdd,dbcred);
+ load(debug, cdd);
}
break;
case CredDAO.BASIC_AUTH_SHA256:
checkLessThanDays(trans,7,now,cdd);
return Result.ok(cdd.expires);
} else if (debug!=null) {
- load(debug, cdd, dbcred);
+ load(debug, cdd);
}
break;
default:
}
} // end for each
if(debug==null) {
- debug=new StringBuilder();
+ trans.audit().printf("No cred matches ip=%s, user=%s\n",trans.ip(),user);
} else {
- debug.append(", ");
+ trans.audit().printf("No cred matches ip=%s, user=%s %s\n",trans.ip(),user,debug.toString());
}
-
- debug.append("cred=");
- debug.append(new String(cred));
- trans.audit().printf("No cred matches ip=%s, user=%s, %s\n",trans.ip(),user,trans.encryptor().encrypt(debug.toString()));
if(expired!=null) {
// Note: this is only returned if there are no good Credentials
rv = Result.err(Status.ERR_Security,
}
- private void load(StringBuilder debug, Data cdd, byte[] dbcred) {
+ private void load(StringBuilder debug, Data cdd) {
debug.append("DB Entry: user=");
debug.append(cdd.id);
debug.append(",type=");
debug.append(cdd.type);
- debug.append(",cred=");
- debug.append(Hash.toHex(dbcred));
debug.append(",expires=");
debug.append(Chrono.dateTime(cdd.expires));
debug.append('\n');
public static synchronized boolean specialLogOn(AuthzTrans trans, String id) {
if (specialLog == null) {
- specialLog = new HashSet<String>();
+ specialLog = new HashSet<>();
}
boolean rc = specialLog.add(id);
if(rc) {
Code Review / aaf / authz.git / blobdiff