X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-cass%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fdirect%2FDirectAAFUserPass.java;h=f5b7779b2a6fa051a665200e6c1fa9dd13a79d81;hb=1296352d8eafee57f982a4342ad79ada4aa56d28;hp=f241cdf1cdc117b5808184e34069ebbc7755b542;hpb=ceda6e8bc270202bcb24340b86617110289c902e;p=aaf%2Fauthz.git
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFUserPass.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFUserPass.java
index f241cdf1..f5b7779b 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFUserPass.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFUserPass.java
@@ -7,9 +7,9 @@
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- * 
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -37,47 +37,56 @@ import org.onap.aaf.cadi.CredVal;
 /**
 * DirectAAFUserPass is intended to provide password Validation directly from Cassandra Database, and is only
 * intended for use in AAF itself. The normal "AAF Taf" objects are, of course, clients.
- * 
+ *
 * @author Jonathan
 *
 */
 public class DirectAAFUserPass implements CredVal {
- private final AuthzEnv env;
- private final Question question;
-
- public DirectAAFUserPass(AuthzEnv env, Question question) {
- this.env = env;
- this.question = question;
- }
+ private final AuthzEnv env;
+ private final Question question;
+
+ public DirectAAFUserPass(AuthzEnv env, Question question) {
+ this.env = env;
+ this.question = question;
+ }
+
+ @Override
+ public boolean validate(String user, Type type, byte[] pass, Object state) {
+ if(user==null || type==null || pass==null) {
+ return false;
+ }
- @Override
- public boolean validate(String user, Type type, byte[] pass, Object state) {
- try {
- AuthzTrans trans;
- if(state !=null) {
- if(state instanceof AuthzTrans) {
- trans = (AuthzTrans)state;
- } else {
- trans = env.newTransNoAvg();
- if(state instanceof HttpServletRequest) {
- trans.set((HttpServletRequest)state);
- }
- }
- } else {
- trans = env.newTransNoAvg();
- }
- Result result = question.doesUserCredMatch(trans, user, pass);
- trans.logAuditTrail(env.info());
- switch(result.status) {
- case OK:
- return true;
- default:
- String ip = trans.ip()==null?"":(", ip="+trans.ip());
- env.warn().log(user, "failed password validation" + ip + ':',result.errorString());
- }
- } catch (DAOException e) {
- env.error().log(e,"Cannot validate user/pass from cassandra");
- }
- return false;
- }
+ try {
+ AuthzTrans trans;
+ boolean transfer = false;
+ if (state !=null) {
+ if (state instanceof AuthzTrans) {
+ trans = (AuthzTrans)state;
+ } else {
+ trans = env.newTransNoAvg();
+ if (state instanceof HttpServletRequest) {
+ trans.set((HttpServletRequest)state,null);
+ transfer=true;
+ }
+ }
+ } else {
+ trans = env.newTransNoAvg();
+ }
+ Result result = question.doesUserCredMatch(trans, user, pass);
+ if(transfer) {
+ ((HttpServletRequest)state).setAttribute("CRED_TAG", trans.getTag());
+ }
+ trans.logAuditTrail(env.debug());
+ switch(result.status) {
+ case OK:
+ return true;
+ default:
+ String ip = trans.ip()==null?"":trans.ip();
+ env.audit().printf("user=%s,tag=%s,ip=%s,msg=\"failed password validation: %s\"",user,trans.getTag(),ip,result.errorString());
+ }
+ } catch (DAOException e) {
+ env.error().log(e,"Cannot validate user/pass from cassandra");
+ }
+ return false;
+ }
 }
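Review bot: The new audit line in the `default:` branch formats the caller-supplied `user` straight into a comma-separated `key=value` record, so a username containing `,`, `"` or a line break can add or override fields such as `tag=` and `ip=`, or begin what looks like a separate audit entry. This holds unless the logger behind `env.audit()` already escapes its arguments, which the hunk does not show. Neutralise the value before formatting, for example `String safeUser = user.replaceAll("[\\r\\n\",]", "_");`, and pass `safeUser` to `printf`; `result.errorString()` sits inside the quoted `msg` and deserves the same treatment. Separately, the added early `return false` for a null `user`, `type` or `pass` writes nothing to the audit log, so those rejected attempts are invisible to whoever monitors it.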