Update project structure to org.onap.aaf
diff --git a/authz-service/src/main/java/org/onap/aaf/authz/cadi/DirectAAFLur.java b/authz-service/src/main/java/org/onap/aaf/authz/cadi/DirectAAFLur.java
new file mode 100644 (file)
index 0000000..67dc754
--- /dev/null
@@ -0,0 +1,170 @@
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aaf\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ *  *      http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ *  * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package org.onap.aaf.authz.cadi;\r
+\r
+import static org.onap.aaf.authz.layer.Result.OK;\r
+\r
+import java.security.Principal;\r
+import java.util.List;\r
+\r
+import org.onap.aaf.authz.env.AuthzEnv;\r
+import org.onap.aaf.authz.env.AuthzTrans;\r
+import org.onap.aaf.authz.layer.Result;\r
+import org.onap.aaf.dao.aaf.cass.PermDAO;\r
+import org.onap.aaf.dao.aaf.cass.PermDAO.Data;\r
+import org.onap.aaf.dao.aaf.hl.Question;\r
+\r
+import org.onap.aaf.cadi.Lur;\r
+import org.onap.aaf.cadi.Permission;\r
+\r
+public class DirectAAFLur implements Lur {\r
+       private final AuthzEnv env;\r
+       private final Question question;\r
+       \r
+       public DirectAAFLur(AuthzEnv env, Question question) {\r
+               this.env = env;\r
+               this.question = question;\r
+       }\r
+\r
+       @Override\r
+       public boolean fish(Principal bait, Permission pond) {\r
+               return fish(env.newTransNoAvg(),bait,pond);\r
+       }\r
+       \r
+       public boolean fish(AuthzTrans trans, Principal bait, Permission pond) {\r
+               Result<List<Data>> pdr = question.getPermsByUser(trans, bait.getName(),false);\r
+               switch(pdr.status) {\r
+                       case OK:\r
+                               for(PermDAO.Data d : pdr.value) {\r
+                                       if(new PermPermission(d).match(pond)) return true;\r
+                               }\r
+                               break;\r
+                       default:\r
+                               trans.error().log("Can't access Cassandra to fulfill Permission Query: ",pdr.status,"-",pdr.details);\r
+               }\r
+               return false;\r
+       }\r
+\r
+       @Override\r
+       public void fishAll(Principal bait, List<Permission> permissions) {\r
+               Result<List<Data>> pdr = question.getPermsByUser(env.newTrans(), bait.getName(),false);\r
+               switch(pdr.status) {\r
+                       case OK:\r
+                               for(PermDAO.Data d : pdr.value) {\r
+                                       permissions.add(new PermPermission(d));\r
+                               }\r
+                               break;\r
+                       default:\r
+                               env.error().log("Can't access Cassandra to fulfill Permission Query: ",pdr.status,"-", pdr.details);\r
+               }\r
+       }\r
+       \r
+       @Override\r
+       public void destroy() {\r
+       }\r
+\r
+       @Override\r
+       public boolean handlesExclusively(Permission pond) {\r
+               return false;\r
+       }\r
+       \r
+       /**\r
+        * Small Class implementing CADI's Permission with Cassandra Data\r
+        *\r
+        */\r
+       public static class PermPermission implements Permission {\r
+               private PermDAO.Data data;\r
+               \r
+               public PermPermission(PermDAO.Data d) {\r
+                       data = d;\r
+               }\r
+               \r
+               public PermPermission(AuthzTrans trans, Question q, String p) {\r
+                       data = PermDAO.Data.create(trans, q, p);\r
+               }\r
+               \r
+               public PermPermission(String ns, String type, String instance, String action) {\r
+                       data = new PermDAO.Data();\r
+                       data.ns = ns;\r
+                       data.type = type;\r
+                       data.instance = instance;\r
+                       data.action = action;\r
+               }\r
+\r
+               @Override\r
+               public String getKey() {\r
+                       return data.type;\r
+               }\r
+\r
+               @Override\r
+               public boolean match(Permission p) {\r
+                       if(p==null)return false;\r
+                       PermDAO.Data pd;\r
+                       if(p instanceof DirectAAFLur.PermPermission) {\r
+                               pd = ((DirectAAFLur.PermPermission)p).data;\r
+                               if(data.ns.equals(pd.ns))\r
+                                       if(data.type.equals(pd.type))\r
+                                               if(data.instance!=null && (data.instance.equals(pd.instance) || "*".equals(data.instance)))\r
+                                                       if(data.action!=null && (data.action.equals(pd.action) || "*".equals(data.action)))\r
+                                                               return true;\r
+                       } else{\r
+                               String[] lp = p.getKey().split("\\|");\r
+                               if(lp.length<3)return false;\r
+                               if(data.fullType().equals(lp[0]))\r
+                                       if(data.instance!=null && (data.instance.equals(lp[1]) || "*".equals(data.instance)))\r
+                                               if(data.action!=null && (data.action.equals(lp[2]) || "*".equals(data.action)))\r
+                                                       return true;\r
+                       }\r
+                       return false;\r
+               }\r
+\r
+               @Override\r
+               public String permType() {\r
+                       return "AAFLUR";\r
+               }\r
+               \r
+       }\r
+       \r
+       public String toString() {\r
+               return "DirectAAFLur is enabled";\r
+               \r
+       }\r
+\r
+       @Override\r
+       public boolean supports(String userName) {\r
+               //TODO\r
+               return true;\r
+       }\r
+\r
+       @Override\r
+       public Permission createPerm(String p) {\r
+               // TODO Auto-generated method stub\r
+               return null;\r
+       }\r
+\r
+       @Override\r
+       public void clear(Principal p, StringBuilder report) {\r
+               // TODO Auto-generated method stub\r
+               \r
+       }\r
+}\r
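Review bot: `PermPermission.match` guards `data.instance` and `data.action` against null but calls `data.ns.equals(...)` and `data.type.equals(...)` unguarded, and the four-argument constructor stores whatever it is given, so a null namespace or type turns an authorization check into a NullPointerException thrown out of `fish` rather than a deny. A fail-closed guard at the top of `match`, such as `if(data==null || data.ns==null || data.type==null) return false;`, keeps the decision path returning false. The same applies to `p.getKey()` in the else branch, which is split without a null check; `String[] lp = p.getKey()==null ? new String[0] : p.getKey().split("\\|");` would let the existing length test reject it. Separately, `createPerm` returns null and `supports` returns true for every user behind TODO markers, so a comment on each stating that the result is a placeholder and that callers must treat a null permission as no match would document the current contract until they are implemented.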