* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
private AAFCon<CLIENT> aaf;
private boolean warn;
private MapBathConverter mapIds;
-
+
public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning) {
super(con.access,con.cleanInterval,con.highCount, con.usageRefreshTriggerCount);
aaf = con;
initMapBathConverter();
}
-
+
// Note: Needed for Creation of this Object with Generics
@SuppressWarnings("unchecked")
public AAFTaf(Connector mustBeAAFCon, boolean turnOnWarning, AbsUserCache<AAFPermission> other) {
private void initMapBathConverter() {
String csvFile = access.getProperty(Config.CADI_BATH_CONVERT, null);
if(csvFile==null) {
- mapIds=null;
+ mapIds=null;
} else {
- try {
- mapIds = new MapBathConverter(access, new CSV(access,csvFile));
- access.log(Level.INIT,"Basic Auth Conversion using",csvFile,"enabled" );
- } catch (IOException | CadiException e) {
- access.log(e,"Bath Map Conversion is not initialized (non fatal)");
- }
+ try {
+ mapIds = new MapBathConverter(access, new CSV(access,csvFile));
+ access.log(Level.INIT,"Basic Auth Conversion using",csvFile,"enabled" );
+ } catch (IOException | CadiException e) {
+ access.log(e,"Bath Map Conversion is not initialized (non fatal)");
+ }
}
}
aaf.access.log(Level.WARN,"WARNING! BasicAuth has been used over an insecure channel");
}
if(mapIds != null) {
- authz = mapIds.convert(access, authz);
+ authz = mapIds.convert(access, authz);
}
try {
Miss miss = missed(bp.getName(), bp.getCred());
if (miss!=null && !miss.mayContinue()) {
return new BasicHttpTafResp(aaf.access,bp.getName(),buildMsg(bp,req,
- "User/Pass Retry limit exceeded"),
+ "User/Pass Retry limit exceeded"),
RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),true);
}
-
+
return aaf.bestForUser(
new GetSetter() {
@Override
boolean rv= addMiss(bp.getName(),bp.getCred());
if (rv) {
return new BasicHttpTafResp(aaf.access,bp.getName(),buildMsg(bp,req,
- "user/pass combo invalid via AAF from " + req.getRemoteAddr()),
+ "user/pass combo invalid via AAF from " + req.getRemoteAddr()),
RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),true);
} else {
return new BasicHttpTafResp(aaf.access,bp.getName(),buildMsg(bp,req,
- "user/pass combo invalid via AAF from " + req.getRemoteAddr() + " - Retry limit exceeded"),
+ "user/pass combo invalid via AAF from " + req.getRemoteAddr() + " - Retry limit exceeded"),
RESP.FAIL,resp,aaf.getRealm(),true);
}
}
}
return new BasicHttpTafResp(aaf.access,target,"Requesting HTTP Basic Authorization",RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),false);
}
-
+
private String buildMsg(Principal pr, HttpServletRequest req, Object... msg) {
StringBuilder sb = new StringBuilder();
for (Object s : msg) {
}
-
+
public Resp revalidate(CachedPrincipal prin, Object state) {
// !!!! TEST THIS.. Things may not be revalidated, if not BasicPrincipal
if (prin instanceof BasicPrincipal) {