Code Review / aaf / cadi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Update shiro bundle & fix sidecar
[aaf/cadi.git] / shiro / src / main / java / org / onap / aaf / cadi / shiro / AAFRealm.java
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
index dbc57d7..d213b01 100644 (file)
--- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
+++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
@@ -22,50 +22,58 @@ package org.onap.aaf.cadi.shiro;
 
 import java.io.IOException;
 import java.security.Principal;
-import java.util.ArrayList;
 import java.util.Collections;
-import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
-import java.util.Set;
 import java.util.TreeMap;
 
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.authz.AuthorizationInfo;
 import org.apache.shiro.realm.AuthorizingRealm;
 import org.apache.shiro.subject.PrincipalCollection;
 import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.cadi.LocatorException;
-import org.onap.aaf.cadi.Permission;
 import org.onap.aaf.cadi.PropAccess;
 import org.onap.aaf.cadi.Symm;
+import org.onap.aaf.cadi.aaf.AAFPermission;
 import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
 import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
 import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
 import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.filter.MapBathConverter;
 import org.onap.aaf.cadi.util.CSV;
+import org.onap.aaf.cadi.util.Split;
 import org.onap.aaf.misc.env.APIException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+/*
+ * Note: Shiro Realm document
+ * https://shiro.apache.org/realm.html
+ */
+
 public class AAFRealm extends AuthorizingRealm {
        public static final String AAF_REALM = "AAFRealm";
        private static final Logger logger =  LoggerFactory.getLogger(AAFRealm.class);
-       private static Singleton singleton = Singleton.singleton();
        
-       private static class Singleton {
-               private AAFCon<?> acon;
-               private AAFAuthn<?> authn;
-               private Set<Class<? extends AuthenticationToken>> supports;
-               private AAFLurPerm authz;
+       // Package on purpose
+       static Singleton singleton = Singleton.singleton();
+       
+       public static class Singleton {
+               public AAFCon<?> acon;
+               public AAFAuthn<?> authn;
+               public AAFLurPerm authz;
+//             private Set<Class<? extends AuthenticationToken>> supports;
+               
                private MapBathConverter mbc;
                private Map<String,String> idMap;
                private Singleton() {
+                       logger.info("Creating AAFRealm.Singleton");
                        mbc = null;
                        idMap = null;
                        String cadi_prop_files = access.getProperty(Config.CADI_PROP_FILES);
@@ -82,7 +90,7 @@ public class AAFRealm extends AuthorizingRealm {
                                        final String csv = access.getProperty(Config.CADI_BATH_CONVERT);
                                        if(csv!=null) {
                                                try {
-                                                       mbc = new MapBathConverter(access, new CSV(csv));
+                                                       mbc = new MapBathConverter(access, new CSV(access,csv));
                                                        access.log(Level.INFO, "MapBathConversion enabled with file ",csv);
                                                        idMap = Collections.synchronizedMap(new TreeMap<String,String>());
                                                        // Load 
@@ -104,7 +112,6 @@ public class AAFRealm extends AuthorizingRealm {
                                                                        }
                                                                }
                                                                idMap.put(oldID,newID);
-                                                               
                                                        }
                                                } catch (IOException e) {
                                                        access.log(e);
@@ -116,8 +123,10 @@ public class AAFRealm extends AuthorizingRealm {
                                        throw new RuntimeException(msg,e);
                                }
                        }
-                       supports = Collections.synchronizedSet(new HashSet<>());
-                       supports.add(UsernamePasswordToken.class);
+                       
+                       // There is only one of these.  If there are more, put back 
+//                     supports = Collections.synchronizedSet(new HashSet<>());
+//                     supports.add(UsernamePasswordToken.class);
                }
                
                public static synchronized Singleton singleton() {
@@ -223,6 +232,7 @@ public class AAFRealm extends AuthorizingRealm {
 
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
+               logger.debug("AAFRealm.doGetAuthenticationInfo");
                final UsernamePasswordToken upt = (UsernamePasswordToken)token;
                final String user = upt.getUsername();
                String authUser = user; 
@@ -265,23 +275,19 @@ public class AAFRealm extends AuthorizingRealm {
 
        @Override
        protected void assertCredentialsMatch(AuthenticationToken atoken, AuthenticationInfo ai)throws AuthenticationException {
-               
+               logger.debug("AAFRealm.assertCredentialsMatch");
                if(ai instanceof AAFAuthenticationInfo) {
                        if(!((AAFAuthenticationInfo)ai).matches(atoken)) {
                                throw new AuthenticationException("Credentials do not match");
                        }
-                       
                } else {
                        throw new AuthenticationException("AuthenticationInfo is not an AAFAuthenticationInfo");
-               
                }
        }
 
-
-
-
        @Override
        protected AAFAuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
+               logger.debug("AAFRealm.doGetAuthorizationInfo");
                Principal bait = (Principal)principals.getPrimaryPrincipal();
                Principal newBait = bait;
                if(singleton.idMap!=null) {
@@ -296,14 +302,14 @@ public class AAFRealm extends AuthorizingRealm {
                                };
                        }
                }
-               List<Permission> pond = new ArrayList<>();
-               singleton.authz.fishAll(newBait,pond);
-               return new AAFAuthorizationInfo(singleton.access,bait,pond);
+               return new AAFAuthorizationInfo(singleton.access,newBait);
        }
 
        @Override
        public boolean supports(AuthenticationToken token) {
-               return singleton.supports.contains(token.getClass());
+               // Only one was being loaded.  If more are needed uncomment the multi-class mode
+               return token instanceof UsernamePasswordToken;
+//             return singleton.supports.contains(token.getClass());
        }
 
        @Override
@@ -311,4 +317,58 @@ public class AAFRealm extends AuthorizingRealm {
                return AAF_REALM;
        }
 
+       private AAFPermission aafPerm(String permission) {
+               String[] pa = Split.splitTrim('|', permission);
+               switch(pa.length) {
+                       case 3:
+                               return new AAFPermission(null,pa[0],pa[1],pa[2]);
+                       case 4:
+                               return new AAFPermission(pa[0],pa[1],pa[2],pa[3]);
+                       default:
+                               return null;
+               }
+       }
+
+       @Override
+    public boolean isPermitted(PrincipalCollection principals, String permission) {
+               logger.debug("AAFRealm.isPermitted(principals,permission<String>)");
+               AAFPermission ap = aafPerm(permission);
+               if(ap!=null) {
+                       return singleton.authz.fish((Principal)principals.getPrimaryPrincipal(), ap);
+               }
+               return false;
+    }
+       
+       @Override
+       protected boolean isPermitted(org.apache.shiro.authz.Permission permission, AuthorizationInfo info) {
+               logger.debug("AAFRealm.isPermitted(shiro.Permission,AuthorizationInfo)");
+               if(info instanceof AAFAuthorizationInfo) {
+                       AAFPermission ap = aafPerm(permission.toString());
+                       if(ap!=null) {
+                               return singleton.authz.fish(((AAFAuthorizationInfo)info).principal(), ap);
+                       }
+                       return false;
+               }
+               return super.isPermitted(permission, info);
+       }
+
+       @Override
+       protected boolean[] isPermitted(List<org.apache.shiro.authz.Permission> permissions, AuthorizationInfo info) {
+               logger.debug("AAFRealm.isPermitted(List<shiro.Permission>,AuthorizationInfo)");
+               if(info instanceof AAFAuthorizationInfo) {
+                       boolean rv[] = new boolean[permissions.size()];
+                       int i=0;
+                       for(org.apache.shiro.authz.Permission sp : permissions) {
+                               AAFPermission ap = aafPerm(sp.toString());
+                               if(ap!=null) {
+                                       rv[i++]=singleton.authz.fish(((AAFAuthorizationInfo)info).principal(), ap);
+                               } else {
+                                       rv[i++]=false;
+                               }
+                       }
+                       return rv;
+               } 
+               return super.isPermitted(permissions, info);
+       }
+
 }
ARCHIVED- 2022-02-15 at the request of the project