--- /dev/null
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package com.att.aaf.cadi.cass;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.util.HashSet;
+import java.util.Properties;
+import java.util.Set;
+
+import org.apache.cassandra.auth.DataResource;
+import org.apache.cassandra.auth.IAuthenticator;
+import org.apache.cassandra.config.DatabaseDescriptor;
+import org.apache.cassandra.exceptions.ConfigurationException;
+import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Lur;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.Access.Level;
+import org.onap.aaf.cadi.aaf.AAFPermission;
+import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
+import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
+import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLur;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.config.SecurityInfoC;
+import org.onap.aaf.cadi.lur.EpiLur;
+import org.onap.aaf.cadi.lur.LocalLur;
+
+public abstract class AAFBase {
+ protected static final Set<IAuthenticator.Option> options;
+ protected static final Set<DataResource> dataResource;
+
+ static {
+ options = new HashSet<IAuthenticator.Option>();
+ options.add(IAuthenticator.Option.PASSWORD);
+
+ dataResource = new HashSet<DataResource>();
+ dataResource.add(DataResource.columnFamily("system_auth", "credentials"));
+ }
+
+ protected static Access access;
+ protected static LocalLur localLur;
+ protected static AAFCon<?> aafcon;
+ protected static AAFAuthn<?> aafAuthn;
+ protected static AbsAAFLur<AAFPermission> aafLur;
+ protected static String default_realm;
+ protected static String cluster_name;
+ protected static String perm_type;
+ private static boolean props_ok = false;
+
+ /**
+ * If you use your own Access Class, this must be called before
+ * "setup()" is invoked by Cassandra.
+ *
+ * Otherwise, it will default to reading Properties CADI style.
+ *
+ * @param access
+ */
+ public static void setAccess(Access access) {
+ AAFBase.access = access;
+ }
+
+
+ public void validateConfiguration() throws ConfigurationException {
+ setup();
+ if(!props_ok) {
+ throw new ConfigurationException("AAF not initialized");
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ public synchronized void setup() {
+ if(aafAuthn == null) {
+ try {
+ if(access==null) {
+ String value = System.getProperty(Config.CADI_PROP_FILES, "cadi.properties");
+ Properties initial = new Properties();
+ URL cadi_props = ClassLoader.getSystemResource(value);
+ if(cadi_props == null) {
+ File cp = new File(value);
+ if(cp.exists()) {
+ InputStream is = new FileInputStream(cp);
+ try {
+ initial.load(is);
+ } finally {
+ is.close();
+ }
+ } else {
+ System.out.printf("%s does not exist as File or in Classpath\n",value);
+ initial.setProperty(Config.CADI_PROP_FILES, value);
+ }
+ } else {
+ InputStream is = cadi_props.openStream();
+ try {
+ initial.load(is);
+ } finally {
+ is.close();
+ }
+ }
+ access = new PropAccess(initial);
+ }
+ props_ok = true;
+ if((perm_type = Config.logProp(access, "cass_group_name",null))==null) {
+ props_ok=false;
+ } else {
+ perm_type = perm_type + ".cass";
+ }
+
+ if((cluster_name = Config.logProp(access,"cass_cluster_name",null))==null) {
+ if((cluster_name = DatabaseDescriptor.getClusterName())==null) {
+ props_ok=false;
+ }
+ }
+
+ if((default_realm = Config.logProp(access, Config.AAF_DEFAULT_REALM, null))==null) {
+ props_ok=false;
+ }
+
+ if(props_ok==false) {
+ return;
+ }
+
+ // AAFLur has pool of DME clients as needed, and Caches Client lookups
+ SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(access, HttpURLConnection.class);
+ Lur lur = Config.configLur(si,aafcon);
+ // Loop through to find AAFLur out of possible Lurs, to reuse AAFCon
+ if(lur instanceof EpiLur) {
+ EpiLur elur = (EpiLur)lur;
+ for(int i=0; (lur = elur.get(i))!=null;++i) {
+ if(lur instanceof AbsAAFLur) {
+ aafLur=(AbsAAFLur<AAFPermission>)lur;
+ aafcon = aafLur.aaf;
+ aafAuthn = aafLur.aaf.newAuthn(aafLur);
+ break;
+ } else if(lur instanceof LocalLur) {
+ localLur = (LocalLur)lur;
+ }
+ }
+ } else if(lur instanceof AbsAAFLur) {
+ aafLur=(AbsAAFLur<AAFPermission>)lur;
+ aafcon = aafLur.aaf;
+ aafAuthn = aafLur.aaf.newAuthn(aafLur);
+ }
+ if(aafAuthn==null) {
+ access.log(Level.INIT,"Failed to instantiate full AAF access");
+ props_ok = false;
+ }
+ } catch (Exception e) {
+ aafAuthn=null;
+ if(access!=null)access.log(e, "Failed to initialize AAF");
+ props_ok = false;
+ }
+ }
+ }
+
+ public Set<DataResource> protectedResources() {
+ access.log(Level.DEBUG, "Data Resource asked for: it's",dataResource.isEmpty()?"":"not","empty");
+ return dataResource;
+ }
+
+ public Set<IAuthenticator.Option> supportedOptions() {
+ access.log(Level.DEBUG, "supportedOptions() called");
+ return options;
+ }
+
+ public Set<IAuthenticator.Option> alterableOptions() {
+ access.log(Level.DEBUG, "alterableOptions() called");
+ return options;
+ }
+
+
+}
Code Review / aaf / authz.git / blobdiff