+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.dao.aaf.cass;\r
-\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.DataInputStream;\r
-import java.io.DataOutputStream;\r
-import java.io.IOException;\r
-import java.nio.ByteBuffer;\r
-import java.util.Date;\r
-import java.util.List;\r
-\r
-import com.att.authz.env.AuthzTrans;\r
-import com.att.authz.layer.Result;\r
-import com.att.dao.Bytification;\r
-import com.att.dao.Cached;\r
-import com.att.dao.CassDAOImpl;\r
-import com.att.dao.DAOException;\r
-import com.att.dao.Loader;\r
-import com.att.dao.Streamer;\r
-import com.att.dao.aaf.hl.Question;\r
-import com.att.inno.env.APIException;\r
-import com.att.inno.env.Slot;\r
-import com.att.inno.env.util.Chrono;\r
-import com.datastax.driver.core.Cluster;\r
-import com.datastax.driver.core.Row;\r
-\r
-public class UserRoleDAO extends CassDAOImpl<AuthzTrans,UserRoleDAO.Data> {\r
- public static final String TABLE = "user_role";\r
- \r
- public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F\r
-\r
- private static final String TRANS_UR_SLOT = "_TRANS_UR_SLOT_";\r
- public Slot transURSlot;\r
- \r
- private final HistoryDAO historyDAO;\r
- private final CacheInfoDAO infoDAO;\r
- \r
- private PSInfo psByUser, psByRole, psUserInRole;\r
-\r
-\r
-\r
- public UserRoleDAO(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException {\r
- super(trans, UserRoleDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
- transURSlot = trans.slot(TRANS_UR_SLOT);\r
- init(trans);\r
-\r
- // Set up sub-DAOs\r
- historyDAO = new HistoryDAO(trans, this);\r
- infoDAO = new CacheInfoDAO(trans,this);\r
- }\r
-\r
- public UserRoleDAO(AuthzTrans trans, HistoryDAO hDAO, CacheInfoDAO ciDAO) {\r
- super(trans, UserRoleDAO.class.getSimpleName(),hDAO,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
- transURSlot = trans.slot(TRANS_UR_SLOT);\r
- historyDAO = hDAO;\r
- infoDAO = ciDAO;\r
- init(trans);\r
- }\r
-\r
- private static final int KEYLIMIT = 2;\r
- public static class Data extends CacheableData implements Bytification {\r
- public String user;\r
- public String role;\r
- public String ns; \r
- public String rname; \r
- public Date expires;\r
- \r
- @Override\r
- public int[] invalidate(Cached<?,?> cache) {\r
- // Note: I'm not worried about Name collisions, because the formats are different:\r
- // myName ... etc versus\r
- // com. ...\r
- // The "dot" makes the difference.\r
- return new int[] {\r
- seg(cache,user,role),\r
- seg(cache,user),\r
- seg(cache,role)\r
- };\r
- }\r
-\r
- @Override\r
- public ByteBuffer bytify() throws IOException {\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- URLoader.deflt.marshal(this,new DataOutputStream(baos));\r
- return ByteBuffer.wrap(baos.toByteArray());\r
- }\r
- \r
- @Override\r
- public void reconstitute(ByteBuffer bb) throws IOException {\r
- URLoader.deflt.unmarshal(this, toDIS(bb));\r
- }\r
-\r
- public void role(String ns, String rname) {\r
- this.ns = ns;\r
- this.rname = rname;\r
- this.role = ns + '.' + rname;\r
- }\r
- \r
- public void role(RoleDAO.Data rdd) {\r
- ns = rdd.ns;\r
- rname = rdd.name;\r
- role = rdd.fullName();\r
- }\r
-\r
- \r
- public boolean role(AuthzTrans trans, Question ques, String role) {\r
- this.role = role;\r
- Result<NsSplit> rnss = ques.deriveNsSplit(trans, role);\r
- if(rnss.isOKhasData()) {\r
- ns = rnss.value.ns;\r
- rname = rnss.value.name;\r
- return true;\r
- } else {\r
- return false;\r
- }\r
- }\r
-\r
- @Override\r
- public String toString() {\r
- return user + '|' + ns + '|' + rname + '|' + Chrono.dateStamp(expires);\r
- }\r
-\r
-\r
- }\r
- \r
- private static class URLoader extends Loader<Data> implements Streamer<Data> {\r
- public static final int MAGIC=738469903;\r
- public static final int VERSION=1;\r
- public static final int BUFF_SIZE=48;\r
- \r
- public static final URLoader deflt = new URLoader(KEYLIMIT);\r
-\r
- public URLoader(int keylimit) {\r
- super(keylimit);\r
- }\r
-\r
- @Override\r
- public Data load(Data data, Row row) {\r
- data.user = row.getString(0);\r
- data.role = row.getString(1);\r
- data.ns = row.getString(2);\r
- data.rname = row.getString(3);\r
- data.expires = row.getDate(4);\r
- return data;\r
- }\r
-\r
- @Override\r
- protected void key(Data data, int _idx, Object[] obj) {\r
- int idx = _idx;\r
- obj[idx]=data.user;\r
- obj[++idx]=data.role;\r
- }\r
-\r
- @Override\r
- protected void body(Data data, int _idx, Object[] obj) {\r
- int idx = _idx;\r
- obj[idx]=data.ns;\r
- obj[++idx]=data.rname;\r
- obj[++idx]=data.expires;\r
- }\r
- \r
- @Override\r
- public void marshal(Data data, DataOutputStream os) throws IOException {\r
- writeHeader(os,MAGIC,VERSION);\r
-\r
- writeString(os, data.user);\r
- writeString(os, data.role);\r
- writeString(os, data.ns);\r
- writeString(os, data.rname);\r
- os.writeLong(data.expires==null?-1:data.expires.getTime());\r
- }\r
-\r
- @Override\r
- public void unmarshal(Data data, DataInputStream is) throws IOException {\r
- /*int version = */readHeader(is,MAGIC,VERSION);\r
- // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields\r
- \r
- byte[] buff = new byte[BUFF_SIZE];\r
- data.user = readString(is,buff);\r
- data.role = readString(is,buff);\r
- data.ns = readString(is,buff);\r
- data.rname = readString(is,buff);\r
- long l = is.readLong();\r
- data.expires = l<0?null:new Date(l);\r
- }\r
-\r
- };\r
- \r
- private void init(AuthzTrans trans) {\r
- String[] helper = setCRUD(trans, TABLE, Data.class, URLoader.deflt);\r
- \r
- psByUser = new PSInfo(trans, SELECT_SP + helper[FIELD_COMMAS] + " FROM user_role WHERE user = ?", \r
- new URLoader(1) {\r
- @Override\r
- protected void key(Data data, int idx, Object[] obj) {\r
- obj[idx]=data.user;\r
- }\r
- },readConsistency);\r
- \r
- // Note: We understand this call may have poor performance, so only should be used in Management (Delete) func\r
- psByRole = new PSInfo(trans, SELECT_SP + helper[FIELD_COMMAS] + " FROM user_role WHERE role = ? ALLOW FILTERING", \r
- new URLoader(1) {\r
- @Override\r
- protected void key(Data data, int idx, Object[] obj) {\r
- obj[idx]=data.role;\r
- }\r
- },readConsistency);\r
- \r
- psUserInRole = new PSInfo(trans,SELECT_SP + helper[FIELD_COMMAS] + " FROM user_role WHERE user = ? AND role = ?",\r
- URLoader.deflt,readConsistency);\r
- }\r
-\r
- public Result<List<Data>> readByUser(AuthzTrans trans, String user) {\r
- return psByUser.read(trans, R_TEXT + " by User " + user, new Object[]{user});\r
- }\r
-\r
- /**\r
- * Note: Use Sparingly. Cassandra's forced key structure means this will perform fairly poorly\r
- * @param trans\r
- * @param role\r
- * @return\r
- * @throws DAOException\r
- */\r
- public Result<List<Data>> readByRole(AuthzTrans trans, String role) {\r
- return psByRole.read(trans, R_TEXT + " by Role " + role, new Object[]{role});\r
- }\r
- \r
- /**\r
- * Direct Lookup of User Role\r
- * Don't forget to check for Expiration\r
- */\r
- public Result<List<Data>> readByUserRole(AuthzTrans trans, String user, String role) {\r
- return psUserInRole.read(trans, R_TEXT + " by User " + user + " and Role " + role, new Object[]{user,role});\r
- }\r
-\r
-\r
- /**\r
- * Log Modification statements to History\r
- * @param modified which CRUD action was done\r
- * @param data entity data that needs a log entry\r
- * @param overrideMessage if this is specified, we use it rather than crafting a history message based on data\r
- */\r
- @Override\r
- protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) {\r
- boolean memo = override.length>0 && override[0]!=null;\r
- boolean subject = override.length>1 && override[1]!=null;\r
-\r
- HistoryDAO.Data hd = HistoryDAO.newInitedData();\r
- HistoryDAO.Data hdRole = HistoryDAO.newInitedData();\r
- \r
- hd.user = hdRole.user = trans.user();\r
- hd.action = modified.name();\r
- // Modifying User/Role is an Update to Role, not a Create. JG, 07-14-2015\r
- hdRole.action = CRUD.update.name();\r
- hd.target = TABLE;\r
- hdRole.target = RoleDAO.TABLE;\r
- hd.subject = subject?override[1] : (data.user + '|'+data.role);\r
- hdRole.subject = data.role;\r
- switch(modified) {\r
- case create: \r
- hd.memo = hdRole.memo = memo\r
- ? String.format("%s by %s", override[0], hd.user)\r
- : String.format("%s added to %s",data.user,data.role); \r
- break;\r
- case update: \r
- hd.memo = hdRole.memo = memo\r
- ? String.format("%s by %s", override[0], hd.user)\r
- : String.format("%s - %s was updated",data.user,data.role);\r
- break;\r
- case delete: \r
- hd.memo = hdRole.memo = memo\r
- ? String.format("%s by %s", override[0], hd.user)\r
- : String.format("%s removed from %s",data.user,data.role);\r
- try {\r
- hd.reconstruct = hdRole.reconstruct = data.bytify();\r
- } catch (IOException e) {\r
- trans.warn().log(e,"Deleted UserRole could not be serialized");\r
- }\r
- break;\r
- default:\r
- hd.memo = hdRole.memo = memo\r
- ? String.format("%s by %s", override[0], hd.user)\r
- : "n/a";\r
- }\r
-\r
- if(historyDAO.create(trans, hd).status!=Status.OK) {\r
- trans.error().log("Cannot log to History");\r
- }\r
- \r
- if(historyDAO.create(trans, hdRole).status!=Status.OK) {\r
- trans.error().log("Cannot log to History");\r
- }\r
- // uses User as Segment\r
- if(infoDAO.touch(trans, TABLE,data.invalidate(cache)).notOK()) {\r
- trans.error().log("Cannot touch CacheInfo");\r
- }\r
- }\r
-}\r
Code Review / aaf / authz.git / blobdiff