Merge "Commented out dead/unreachable code (maybe some error in control logic?)"

[aaf/authz.git] / cadi / core / src / main / java / org / onap / aaf / cadi / taf / basic / BasicHttpTaf.java
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/basic/BasicHttpTaf.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/basic/BasicHttpTaf.java

index d5f6b03..dcd27d6 100644 (file)
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/basic/BasicHttpTaf.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/basic/BasicHttpTaf.java
@@ -34,16 +34,20 @@ import org.onap.aaf.cadi.Access.Level;
  import org.onap.aaf.cadi.BasicCred;
  import org.onap.aaf.cadi.CachedPrincipal;
  import org.onap.aaf.cadi.CachedPrincipal.Resp;
+import org.onap.aaf.cadi.CadiException;
  import org.onap.aaf.cadi.CredVal;
  import org.onap.aaf.cadi.CredVal.Type;
  import org.onap.aaf.cadi.CredValDomain;
  import org.onap.aaf.cadi.Taf;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.MapBathConverter;
  import org.onap.aaf.cadi.principal.BasicPrincipal;
  import org.onap.aaf.cadi.principal.CachedBasicPrincipal;
  import org.onap.aaf.cadi.taf.HttpTaf;
  import org.onap.aaf.cadi.taf.TafResp;
  import org.onap.aaf.cadi.taf.TafResp.RESP;
  import org.onap.aaf.cadi.taf.dos.DenialOfServiceTaf;
+import org.onap.aaf.cadi.util.CSV;
  
  /**
   * BasicHttpTaf
@@ -66,6 +70,7 @@ public class BasicHttpTaf implements HttpTaf {
      private Map<String,CredVal> rbacs = new TreeMap<>();
      private boolean warn;
      private long timeToLive;
+       private MapBathConverter mapIds;
      
      public BasicHttpTaf(Access access, CredVal rbac, String realm, long timeToLive, boolean turnOnWarning) {
          this.access = access;
@@ -73,6 +78,16 @@ public class BasicHttpTaf implements HttpTaf {
          this.rbac = rbac;
          this.warn = turnOnWarning;
          this.timeToLive = timeToLive;
+        String csvFile = access.getProperty(Config.CADI_BATH_CONVERT, null);
+        if(csvFile==null) {
+               mapIds=null;
+        } else {
+               try {
+                               mapIds = new MapBathConverter(access, new CSV(access,csvFile));
+                       } catch (IOException | CadiException e) {
+                               access.log(e,"Bath Map Conversion is not initialzed (non fatal)");
+                       }
+        }
      }
  
      public void add(final CredValDomain cvd) {
@@ -105,19 +120,25 @@ public class BasicHttpTaf implements HttpTaf {
                      return new BasicHttpTafResp(access,bp,bp.getName()+" authenticated by password",RESP.IS_AUTHENTICATED,resp,realm,false);
                  } else {
                      //TODO may need timed retries in a given time period
-                    return new BasicHttpTafResp(access,null,buildMsg(bp,req,"user/pass combo invalid for ",bc.getUser(),"from",req.getRemoteAddr()), 
+                    return new BasicHttpTafResp(access,bc.getUser(),buildMsg(bp,req,"user/pass combo invalid for ",bc.getUser(),"from",req.getRemoteAddr()), 
                              RESP.TRY_AUTHENTICATING,resp,realm,true);
                  }
              }
          }
          // Get User/Password from Authorization Header value
          String authz = req.getHeader("Authorization");
+        String target="unknown";
+
          if (authz != null && authz.startsWith("Basic ")) {
              if (warn&&!req.isSecure()) {
                  access.log(Level.WARN,"WARNING! BasicAuth has been used over an insecure channel");
              }
+            if(mapIds != null) {
+               authz = mapIds.convert(access, authz);
+            }
              try {
                  CachedBasicPrincipal ba = new CachedBasicPrincipal(this,authz,realm,timeToLive);
+                target=ba.getName();
                  if (DenialOfServiceTaf.isDeniedID(ba.getName())!=null) {
                      return DenialOfServiceTaf.respDenyID(access,ba.getName());
                  }
@@ -134,16 +155,16 @@ public class BasicHttpTaf implements HttpTaf {
                      return new BasicHttpTafResp(access,ba, ba.getName()+" authenticated by BasicAuth password",RESP.IS_AUTHENTICATED,resp,realm,false);
                  } else {
                      //TODO may need timed retries in a given time period
-                    return new BasicHttpTafResp(access,null,buildMsg(ba,req,"user/pass combo invalid"), 
+                    return new BasicHttpTafResp(access,target,buildMsg(ba,req,"user/pass combo invalid"), 
                              RESP.TRY_AUTHENTICATING,resp,realm,true);
                  }
              } catch (IOException e) {
                  String msg = buildMsg(null,req,"Failed HTTP Basic Authorization (", e.getMessage(), ')');
                  access.log(Level.INFO,msg);
-                return new BasicHttpTafResp(access,null,msg, RESP.TRY_AUTHENTICATING, resp, realm,true);
+                return new BasicHttpTafResp(access,target,msg, RESP.TRY_AUTHENTICATING, resp, realm,true);
              }
          }
-        return new BasicHttpTafResp(access,null,"Requesting HTTP Basic Authorization",RESP.TRY_AUTHENTICATING,resp,realm,false);
+        return new BasicHttpTafResp(access,target,"Requesting HTTP Basic Authorization",RESP.TRY_AUTHENTICATING,resp,realm,false);
      }
      
      protected String buildMsg(Principal pr, HttpServletRequest req, Object ... msg) {