update logging path for shiro
[aaf/cadi.git] / shiro / src / main / java / org / onap / aaf / cadi / shiro / AAFRealm.java
index 3577c13..091c22b 100644 (file)
 package org.onap.aaf.cadi.shiro;
 
 import java.io.IOException;
+import java.io.PrintStream;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.TreeMap;
 
+import org.apache.log4j.Logger;
+import org.apache.log4j.PropertyConfigurator;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
@@ -45,8 +51,10 @@ import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.filter.MapBathConverter;
 import org.onap.aaf.cadi.util.CSV;
 import org.onap.aaf.misc.env.APIException;
-
 public class AAFRealm extends AuthorizingRealm {
+       
+       final static Logger logger = Logger.getLogger(AAFRealm.class);
+       
        public static final String AAF_REALM = "AAFRealm";
        
        private PropAccess access;
@@ -55,6 +63,7 @@ public class AAFRealm extends AuthorizingRealm {
        private HashSet<Class<? extends AuthenticationToken>> supports;
        private AAFLurPerm authz;
        private MapBathConverter mbc;
+       private Map<String,String> idMap;
        
 
        /**
@@ -65,12 +74,22 @@ public class AAFRealm extends AuthorizingRealm {
        public AAFRealm () {
                access = new PropAccess(); // pick up cadi_prop_files from VM_Args
                mbc = null;
+               idMap = null;
                String cadi_prop_files = access.getProperty(Config.CADI_PROP_FILES);
                if(cadi_prop_files==null) {
                        String msg = Config.CADI_PROP_FILES + " in VM Args is required to initialize AAFRealm.";
                        access.log(Level.INIT,msg);
                        throw new RuntimeException(msg);
                } else {
+                       try {
+                               String log4jConfigFile = "./etc/org.ops4j.pax.logging.cfg";
+                       PropertyConfigurator.configure(log4jConfigFile);
+                       System.setOut(createLoggingProxy(System.out));
+                       System.setErr(createLoggingProxy(System.err));
+                       } catch(Exception e) {
+                               e.printStackTrace();
+                       }
+                       //System.out.println("Configuration done");
                        try {
                                acon = AAFCon.newInstance(access);
                                authn = acon.newAuthn();
@@ -80,28 +99,59 @@ public class AAFRealm extends AuthorizingRealm {
                                if(csv!=null) {
                                        try {
                                                mbc = new MapBathConverter(access, new CSV(csv));
-                                               access.printf(Level.INIT, "MapBathConversion enabled with file %s\n",csv);
+                                               logger.info("MapBathConversion enabled with file "+csv);
+                                               idMap = new TreeMap<String,String>();
+                                               // Load 
+                                               for(Entry<String, String> es : mbc.map().entrySet()) {
+                                                       String oldID = es.getKey();
+                                                       if(oldID.startsWith("Basic ")) {
+                                                               oldID = Symm.base64noSplit.decode(oldID.substring(6));
+                                                               int idx = oldID.indexOf(':');
+                                                               if(idx>=0) {
+                                                                       oldID = oldID.substring(0, idx);
+                                                               }
+                                                       }
+                                                       String newID = es.getValue();
+                                                       if(newID.startsWith("Basic ")) {
+                                                               newID = Symm.base64noSplit.decode(newID.substring(6));
+                                                               int idx = newID.indexOf(':');
+                                                               if(idx>=0) {
+                                                                       newID = newID.substring(0, idx);
+                                                               }
+                                                       }
+                                                       idMap.put(oldID,newID);
+                                               }
                                        } catch (IOException e) {
-                                               access.log(e);
+                                               logger.error(e.getMessage(), e);
                                        }
                                }
                        } catch (APIException | CadiException | LocatorException e) {
                                String msg = "Cannot initiate AAFRealm";
-                               access.log(Level.INIT,msg,e.getMessage());
+                               logger.info(msg + " "+ e.getMessage(), e);
                                throw new RuntimeException(msg,e);
                        }
                }
                supports = new HashSet<Class<? extends AuthenticationToken>>();
                supports.add(UsernamePasswordToken.class);
        }
+       public static PrintStream createLoggingProxy(final PrintStream realPrintStream) {
+        return new PrintStream(realPrintStream) {
+            public void print(final String string) {
+                realPrintStream.print(string);
+                logger.info(string);
+            }
+        };
+    }
 
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
-               access.log(Level.DEBUG, "AAFRealm.doGetAuthenticationInfo",token);
+               logger.debug("AAFRealm.doGetAuthenticationInfo :"+token);
                
                final UsernamePasswordToken upt = (UsernamePasswordToken)token;
-               String user = upt.getUsername();
-               String password=new String(upt.getPassword());
+               final String user = upt.getUsername();
+               String authUser = user; 
+               final String password=new String(upt.getPassword());
+               String authPassword = password;
                if(mbc!=null) {
                        try {
                                final String oldBath = "Basic " + Symm.base64noSplit.encode(user+':'+password);
@@ -110,24 +160,24 @@ public class AAFRealm extends AuthorizingRealm {
                                        bath = Symm.base64noSplit.decode(bath.substring(6));
                                        int colon = bath.indexOf(':');
                                        if(colon>=0) {
-                                               user = bath.substring(0, colon);
-                                               password = bath.substring(colon+1);
+                                               authUser = bath.substring(0, colon);
+                                               authPassword = bath.substring(colon+1);
                                        }
                                }
                        } catch (IOException e) {
-                               access.log(e);
+                               logger.error(e.getMessage(), e);
                        } 
                }
                String err;
                try {
-                       err = authn.validate(user,password);
+                       err = authn.validate(authUser,authPassword);
                } catch (IOException e) {
                        err = "Credential cannot be validated";
-                       access.log(e, err);
+                       logger.error(err, e);
                }
                
                if(err != null) {
-                       access.log(Level.DEBUG, err);
+                       logger.debug(err);
                        throw new AuthenticationException(err);
                }
 
@@ -152,10 +202,22 @@ public class AAFRealm extends AuthorizingRealm {
 
        @Override
        protected AAFAuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
-               access.log(Level.DEBUG, "AAFRealm.doGetAuthenthorizationInfo");
+               logger.debug("AAFRealm.doGetAuthenthorizationInfo");
                Principal bait = (Principal)principals.getPrimaryPrincipal();
+               Principal newBait = bait;
+               if(idMap!=null) {
+                       final String newID = idMap.get(bait.getName());
+                       if(newID!=null) {
+                               newBait = new Principal() {
+                                       @Override
+                                       public String getName() {
+                                               return newID;
+                                       }
+                               };
+                       }
+               }
                List<Permission> pond = new ArrayList<>();
-               authz.fishAll(bait,pond);
+               authz.fishAll(newBait,pond);
                
                return new AAFAuthorizationInfo(access,bait,pond);