X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-cass%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fdirect%2FDirectAAFUserPass.java;h=62e1592f9712f4e22289dd4b832b2e0739eab9f3;hb=a77e3d6e9180c1722a9d18f7717034bb0650a130;hp=f241cdf1cdc117b5808184e34069ebbc7755b542;hpb=71037c39a37d3549dcfe31926832a657744fbe05;p=aaf%2Fauthz.git
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFUserPass.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFUserPass.java
index f241cdf1..62e1592f 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFUserPass.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFUserPass.java
@@ -42,42 +42,51 @@ import org.onap.aaf.cadi.CredVal; * */ public class DirectAAFUserPass implements CredVal { - private final AuthzEnv env; - private final Question question; - - public DirectAAFUserPass(AuthzEnv env, Question question) { - this.env = env; - this.question = question; - } + private final AuthzEnv env; + private final Question question; + + public DirectAAFUserPass(AuthzEnv env, Question question) { + this.env = env; + this.question = question; + } - @Override - public boolean validate(String user, Type type, byte[] pass, Object state) { - try { - AuthzTrans trans; - if(state !=null) { - if(state instanceof AuthzTrans) { - trans = (AuthzTrans)state; - } else { - trans = env.newTransNoAvg(); - if(state instanceof HttpServletRequest) { - trans.set((HttpServletRequest)state); - } - } - } else { - trans = env.newTransNoAvg(); - } - Result result = question.doesUserCredMatch(trans, user, pass); - trans.logAuditTrail(env.info()); - switch(result.status) { - case OK: - return true; - default: - String ip = trans.ip()==null?"":(", ip="+trans.ip()); - env.warn().log(user, "failed password validation" + ip + ':',result.errorString()); - } - } catch (DAOException e) { - env.error().log(e,"Cannot validate user/pass from cassandra"); - } - return false; - } + @Override + public boolean validate(String user, Type type, byte[] pass, Object state) { + if(user==null || type==null || pass==null) { + return false; + } + + try { + AuthzTrans trans; + boolean transfer = false; + if (state !=null) { + if (state instanceof AuthzTrans) { + trans = (AuthzTrans)state; + } else { + trans = env.newTransNoAvg(); + if (state instanceof HttpServletRequest) { + trans.set((HttpServletRequest)state); + transfer=true; + } + } + } else { + trans = env.newTransNoAvg(); + } + Result result = question.doesUserCredMatch(trans, user, pass); + if(transfer) { + ((HttpServletRequest)state).setAttribute("CRED_TAG", trans.getTag()); + } + trans.logAuditTrail(env.debug()); + 
switch(result.status) { + case OK: + return true; + default: + String ip = trans.ip()==null?"":trans.ip(); + env.audit().printf("user=%s,tag=%s,ip=%s,msg=\"failed password validation: %s\"",user,trans.getTag(),ip,result.errorString()); + } + } catch (DAOException e) { + env.error().log(e,"Cannot validate user/pass from cassandra"); + } + return false; + } }
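Review bot: The new `env.audit().printf(...)` call in the `default:` branch writes `user` and `result.errorString()` into a comma-separated key=value record without neutralising them, and `user` is caller-supplied and not yet authenticated at that point. A name containing `,`, `"` or a line break could make one failed attempt read as different fields or as a separate record to whatever parses the audit log, unless the audit sink already escapes its arguments (not visible in this hunk). Consider normalising before formatting, e.g. `String safeUser = user.replaceAll("[\\r\\n\",=]", "_");`, passing `safeUser` to `printf`, and giving the message text the same treatment. Separately, the early `return false` for a null `user`, `type` or `pass` leaves no audit entry, so those rejections are not countable by monitoring; a one-line `env.audit()` record before that return would close the gap.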