X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;ds=sidebyside;f=cadi%2Faaf%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Faaf%2Fv2_0%2FAAFAuthn.java;h=dbb9d5c9aec2a402446a09ccb196d315dca13b3c;hb=55789c5859aff784f6b3cb45e17375c5be1c4cf3;hp=c48e35f4d21b7bfa8ab8f91e26cb54de39f6670a;hpb=1296352d8eafee57f982a4342ad79ada4aa56d28;p=aaf%2Fauthz.git diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java index c48e35f4..dbb9d5c9 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java @@ -22,13 +22,18 @@ package org.onap.aaf.cadi.aaf.v2_0; import java.io.IOException; +import java.net.URI; +import java.util.ArrayList; +import java.util.List; import org.onap.aaf.cadi.AbsUserCache; +import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.CachedPrincipal; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.User; import org.onap.aaf.cadi.aaf.AAFPermission; import org.onap.aaf.cadi.client.Future; +import org.onap.aaf.cadi.client.Rcli; import org.onap.aaf.cadi.lur.ConfigPrincipal; import aaf.v2_0.CredRequest; @@ -137,32 +142,51 @@ public class AAFAuthn extends AbsUserCache { } public Resp revalidate(Object state) { - try { - Miss missed = missed(getName(),getCred()); - if (missed==null || missed.mayContinue()) { - CredRequest cr = new CredRequest(); - cr.setId(getName()); - cr.setPassword(new String(getCred())); - Future fp = con.client().readPost("/authn/validate", con.credReqDF, cr); - //Rcli client = con.client().forUser(con.basicAuth(getName(), new String(getCred()))); - //Future fp = client.read( - // "/authn/basicAuth", - // "text/plain" - // ); - if (fp.get(con.timeout)) { - expires = System.currentTimeMillis() + timeToLive; - addUser(new User(this, expires)); - return Resp.REVALIDATED; + int maxRetries = 15; + try { // these SHOULD be AAFConHttp and AAFLocator objects, but put in a try anyway to be safe + AAFConHttp forceCastCon = (AAFConHttp) con; + AAFLocator forceCastLoc = (AAFLocator) forceCastCon.hman().loc; + maxRetries = forceCastLoc.maxIters(); + } catch (Exception e) { + access.log(Access.Level.DEBUG, e); + } + List attemptedUris = new ArrayList<>(); + URI thisUri = null; + for (int retries = 0;; retries++) { + try { + Miss missed = missed(getName(), getCred()); + if (missed == null || missed.mayContinue()) { + CredRequest cr = new CredRequest(); + cr.setId(getName()); + cr.setPassword(new String(getCred())); + Rcli client = con.clientIgnoreAlreadyAttempted(attemptedUris); + thisUri = client.getURI(); + Future fp = client.readPost("/authn/validate", con.credReqDF, cr); + //Rcli client = con.client().forUser(con.basicAuth(getName(), new String(getCred()))); + //Future fp = client.read( + // "/authn/basicAuth", + // "text/plain" + // ); + if (fp.get(con.timeout)) { + expires = System.currentTimeMillis() + timeToLive; + addUser(new User(this, expires)); + return Resp.REVALIDATED; + } else { + addMiss(getName(), getCred()); + return Resp.UNVALIDATED; + } } else { - addMiss(getName(), getCred()); return Resp.UNVALIDATED; } - } else { - return Resp.UNVALIDATED; + } catch (Exception e) { + if (thisUri != null) { + attemptedUris.add(thisUri); + } + con.access.log(e); + if (retries > maxRetries) { + return Resp.INACCESSIBLE; + } } - } catch (Exception e) { - con.access.log(e); - return Resp.INACCESSIBLE; } }