X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-cass%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fdirect%2FDirectAAFLur.java;h=b25e205414b9bcefbe9bb2b523e380ec7aa495c3;hb=f5fdc4f2d1f87001364ccf462c1398a10e84fdcf;hp=eb44e143fb0f0ed4a35c07bd7f34b61690659339;hpb=32cdd553a8668e6d03a9cf5b11b360d35a63c87f;p=aaf%2Fauthz.git
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLur.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLur.java
index eb44e143..b25e2054 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLur.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLur.java
@@ -7,9 +7,9 @@
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -42,158 +42,159 @@ import org.onap.aaf.cadi.lur.LocalPermission; import org.onap.aaf.misc.env.util.Split; public class DirectAAFLur implements Lur { - private final AuthzEnv env; - private final Question question; - - public DirectAAFLur(AuthzEnv env, Question question/*, TokenMgr tm*/) { - this.env = env; - this.question = question; -// oauth = new OAuth2Lur(null); - } - - @Override - public boolean fish(Principal bait, Permission ... pond) { - return fish(env.newTransNoAvg(),bait,pond); - } - - public boolean fish(AuthzTrans trans, Principal bait, Permission ... pond) { - boolean rv = false; - Result> pdr = question.getPermsByUser(trans, bait.getName(),false); - switch(pdr.status) { - case OK: - for(PermDAO.Data d : pdr.value) { - if(!rv) { - for (Permission p : pond) { - if(new PermPermission(d).match(p)) { - rv=true; - break; - } - } - } - } - break; - case Status.ERR_UserRoleNotFound: - case Status.ERR_BadData: - return false; - default: - trans.error().log("Can't access Cassandra to fulfill Permission Query: ",pdr.status,"-",pdr.details); - } - return rv; - } - - @Override - public void fishAll(Principal bait, List permissions) { - Result> pdr = question.getPermsByUser(env.newTrans(), bait.getName(),false); - switch(pdr.status) { - case OK: - for(PermDAO.Data d : pdr.value) { - permissions.add(new PermPermission(d)); - } - break; - default: - env.error().log("Can't access Cassandra to fulfill Permission Query: ",pdr.status,"-", pdr.details); - } - } - - @Override - public void destroy() { - } - - @Override - public boolean handlesExclusively(Permission ... 
pond) { - return false; - } - - /** - * Small Class implementing CADI's Permission with Cassandra Data - * @author Jonathan - * - */ - public static class PermPermission implements Permission { - private PermDAO.Data data; - - public PermPermission(PermDAO.Data d) { - data = d; - } - - public PermPermission(AuthzTrans trans, Question q, String p) { - data = PermDAO.Data.create(trans, q, p); - } - - public PermPermission(String ns, String type, String instance, String action) { - data = new PermDAO.Data(); - data.ns = ns; - data.type = type; - data.instance = instance; - data.action = action; - } - - @Override - public String getKey() { - return data.type; - } - - @Override - public boolean match(Permission p) { - if(p==null) { - return false; - } - PermDAO.Data pd; - if(p instanceof DirectAAFLur.PermPermission) { - pd = ((DirectAAFLur.PermPermission)p).data; - if(data.ns.equals(pd.ns)) - if(data.type.equals(pd.type)) - if(data.instance!=null && (data.instance.equals(pd.instance) || "*".equals(data.instance))) - if(data.action!=null && (data.action.equals(pd.action) || "*".equals(data.action))) - return true; - } else{ - String[] lp = p.getKey().split("\\|"); - if(lp.length<3)return false; - if(data.fullType().equals(lp[0])) - if(data.instance!=null && (data.instance.equals(lp[1]) || "*".equals(data.instance))) - if(data.action!=null && (data.action.equals(lp[2]) || "*".equals(data.action))) - return true; - } - return false; - } - - @Override - public String permType() { - return "AAFLUR"; - } - - } - - public String toString() { - return "DirectAAFLur is enabled"; - - } - - /* (non-Javadoc) - * @see org.onap.aaf.cadi.Lur#handles(java.security.Principal) - */ - @Override - public boolean handles(Principal principal) { - return true; - } - - @Override - public Permission createPerm(String p) { - String[] params = Split.split('|', p); - if(params.length==3) { - Result nss = question.deriveNsSplit(NullTrans.singleton(), params[0]); - if(nss.isOK()) { - return new 
PermPermission(nss.value.ns,nss.value.name,params[1],params[2]); - } - } - return new LocalPermission(p); - } - - @Override - public void clear(Principal p, StringBuilder sb) { - AuthzTrans trans = env.newTrans(); - question.clearCache(trans,"all"); - env.log(Level.AUDIT, p.getName(), "has cleared Cache for",getClass().getSimpleName()); - trans.auditTrail(0, sb); - } + private final AuthzEnv env; + private final Question question; + + public DirectAAFLur(AuthzEnv env, Question question/*, TokenMgr tm*/) { + this.env = env; + this.question = question + } + + @Override + public boolean fish(Principal bait, Permission ... pond) { + return fish(env.newTransNoAvg(),bait,pond); + } + + public boolean fish(AuthzTrans trans, Principal bait, Permission ... pond) { + boolean rv = false; + Result> pdr = question.getPermsByUser(trans, bait.getName(),false); + switch(pdr.status) { + case OK: + for (PermDAO.Data d : pdr.value) { + if (!rv) { + for (Permission p : pond) { + if (new PermPermission(d).match(p)) { + rv=true; + break; + } + } + } + } + break; + case Status.ERR_UserRoleNotFound: + case Status.ERR_BadData: + return false; + default: + trans.error().log("Can't access Cassandra to fulfill Permission Query: ",pdr.status,"-",pdr.details); + } + return rv; + } + + @Override + public void fishAll(Principal bait, List permissions) { + Result> pdr = question.getPermsByUser(env.newTrans(), bait.getName(),false); + switch(pdr.status) { + case OK: + for (PermDAO.Data d : pdr.value) { + permissions.add(new PermPermission(d)); + } + break; + default: + env.error().log("Can't access Cassandra to fulfill Permission Query: ",pdr.status,"-", pdr.details); + } + } + + @Override + public void destroy() { + } + + @Override + public boolean handlesExclusively(Permission ... 
pond) { + return false; + } + + /** + * Small Class implementing CADI's Permission with Cassandra Data + * @author Jonathan + * + */ + public static class PermPermission implements Permission { + private PermDAO.Data data; + + public PermPermission(PermDAO.Data d) { + data = d; + } + + public PermPermission(AuthzTrans trans, Question q, String p) { + data = PermDAO.Data.create(trans, q, p); + } + + public PermPermission(String ns, String type, String instance, String action) { + data = new PermDAO.Data(); + data.ns = ns; + data.type = type; + data.instance = instance; + data.action = action; + } + + @Override + public String getKey() { + return data.type; + } + + @Override + public boolean match(Permission p) { + if (p==null) { + return false; + } + PermDAO.Data pd; + if (p instanceof DirectAAFLur.PermPermission) { + pd = ((DirectAAFLur.PermPermission)p).data; + if (data.ns.equals(pd.ns)) + if (data.type.equals(pd.type)) + if (data.instance!=null && (data.instance.equals(pd.instance) || "*".equals(data.instance))) + if (data.action!=null && (data.action.equals(pd.action) || "*".equals(data.action))) + return true; + } else{ + String[] lp = p.getKey().split("\\|"); + if (lp.length<3) { + return false; + } + if (data.fullType().equals(lp[0])) + if (data.instance!=null && (data.instance.equals(lp[1]) || "*".equals(data.instance))) + if (data.action!=null && (data.action.equals(lp[2]) || "*".equals(data.action))) + return true; + } + return false; + } + + @Override + public String permType() { + return "AAFLUR"; + } + + } + + public String toString() { + return "DirectAAFLur is enabled"; + + } + + /* (non-Javadoc) + * @see org.onap.aaf.cadi.Lur#handles(java.security.Principal) + */ + @Override + public boolean handles(Principal principal) { + return true; + } + + @Override + public Permission createPerm(String p) { + String[] params = Split.split('|', p); + if (params.length==3) { + Result nss = question.deriveNsSplit(NullTrans.singleton(), params[0]); + if 
(nss.isOK()) { + return new PermPermission(nss.value.ns,nss.value.name,params[1],params[2]); + } + } + return new LocalPermission(p); + } + + @Override + public void clear(Principal p, StringBuilder sb) { + AuthzTrans trans = env.newTrans(); + question.clearCache(trans,"all"); + env.log(Level.AUDIT, p.getName(), "has cleared Cache for",getClass().getSimpleName()); + trans.auditTrail(0, sb); + } }
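Review bot: In the constructor on the new side the assignment reads `this.question = question` with no terminating semicolon, which would not compile as shown; it should remain `this.question = question;` as on the removed side. Since the rest of this hunk is re-indentation plus the added braces around `if (lp.length<3)`, the nested brace-less `if` chains in `PermPermission.match` deserve the same treatment, because that method makes the authorization decision and an unbraced chain is easy to break with a later `else`. `match` also accepts any key with three or more `|`-separated parts and silently ignores the extras, while `createPerm` requires exactly three (`params.length==3`); if that asymmetry is intended, a comment such as `// segments after action are ignored` would make the contract explicit. In `fishAll` the `default` branch logs "Can't access Cassandra" for every non-OK status, including the `ERR_UserRoleNotFound` and `ERR_BadData` cases that `fish` treats as an ordinary negative answer, so it may be worth handling those two cases there as well to keep the error log meaningful.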