import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.Permission;
import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.Symm;
import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.MapBathConverter;
+import org.onap.aaf.cadi.util.CSV;
import org.onap.aaf.misc.env.APIException;
public class AAFRealm extends AuthorizingRealm {
private AAFAuthn<?> authn;
private HashSet<Class<? extends AuthenticationToken>> supports;
private AAFLurPerm authz;
+ private MapBathConverter mbc;
/**
*/
public AAFRealm () {
access = new PropAccess(); // pick up cadi_prop_files from VM_Args
+ mbc = null;
String cadi_prop_files = access.getProperty(Config.CADI_PROP_FILES);
if(cadi_prop_files==null) {
String msg = Config.CADI_PROP_FILES + " in VM Args is required to initialize AAFRealm.";
acon = AAFCon.newInstance(access);
authn = acon.newAuthn();
authz = acon.newLur(authn);
+
+ final String csv = access.getProperty(Config.CADI_BATH_CONVERT);
+ if(csv!=null) {
+ try {
+ mbc = new MapBathConverter(access, new CSV(csv));
+ access.printf(Level.INIT, "MapBathConversion enabled with file %s\n",csv);
+ } catch (IOException e) {
+ access.log(e);
+ }
+ }
} catch (APIException | CadiException | LocatorException e) {
String msg = "Cannot initiate AAFRealm";
access.log(Level.INIT,msg,e.getMessage());
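Review bot: When the file named by `Config.CADI_BATH_CONVERT` cannot be read, the added `catch (IOException e)` only calls `access.log(e)` and leaves `mbc` null, so the realm starts with conversion silently disabled even though it was configured. I would log at init level with the file name, e.g. `access.log(Level.INIT, "MapBathConversion disabled, cannot load", csv, e.getMessage());`, or fail start-up if the mapping is mandatory for the deployment. Judging from how `mbc` is used in `doGetAuthenticationInfo`, the CSV presumably maps one Basic Auth credential to another, so a comment stating that the file must be readable only by the service account would be worth adding next to the property lookup. The constructor's `try` opens outside this hunk.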
access.log(Level.DEBUG, "AAFRealm.doGetAuthenticationInfo",token);
final UsernamePasswordToken upt = (UsernamePasswordToken)token;
+ String user = upt.getUsername();
String password=new String(upt.getPassword());
+ if(mbc!=null) {
+ try {
+ final String oldBath = "Basic " + Symm.base64noSplit.encode(user+':'+password);
+ String bath = mbc.convert(access, oldBath);
+ if(bath!=oldBath) {
+ bath = Symm.base64noSplit.decode(bath.substring(6));
+ int colon = bath.indexOf(':');
+ if(colon>=0) {
+ user = bath.substring(0, colon);
+ password = bath.substring(colon+1);
+ }
+ }
+ } catch (IOException e) {
+ access.log(e);
+ }
+ }
String err;
try {
- err = authn.validate(upt.getUsername(),password);
+ err = authn.validate(user,password);
} catch (IOException e) {
err = "Credential cannot be validated";
access.log(e, err);
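Review bot: `if(bath!=oldBath)` compares object references, so it detects a conversion only if `MapBathConverter.convert` hands back the very same `String` instance when no mapping applies, a contract that is not visible in this hunk; `if(bath!=null && !bath.equals(oldBath))` states the intent and also covers a null return. `bath.substring(6)` additionally assumes the converted value begins with `Basic `, so a mapping entry without that prefix would be decoded from the wrong offset; guard it with `bath.startsWith("Basic ")`. When `colon` is negative the code falls back to the submitted credentials without any log entry, which hides a malformed mapping from the operator. The method starts and ends outside the hunk.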
return new AAFAuthenticationInfo(
access,
- upt.getUsername(),
+ user,
password
);
}
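Review bot: The returned `AAFAuthenticationInfo` is now built from the converted `user` and `password`, while `token` still carries what the caller submitted. If the realm's credentials matcher (not visible here) compares the token against this info, a mapped login would pass `authn.validate` and then fail the match, so please confirm that path with a converted credential. Because the authenticated principal becomes the mapped identity, I would also record the substitution where the conversion happens, user ids only and never the password, e.g. `access.printf(Level.AUDIT, "BasicAuth for %s mapped to %s\n", upt.getUsername(), user);`.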