X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-core%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Forg%2FOrganization.java;h=778eb295687a514b82ed6a0d1fdbbea7ebef43e6;hb=HEAD;hp=fd252fe475283b11952e47f2ed4db6f2022a251d;hpb=7e966914050e66219689001ff4ab601a49eef0ac;p=aaf%2Fauthz.git
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
index fd252fe4..778eb295 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
@@ -7,9 +7,9 @@
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -32,13 +32,13 @@ import org.onap.aaf.auth.env.AuthzTrans; /** * Organization - * + * * There is Organizational specific information required which we have extracted to a plugin - * + * * It supports using Company Specific User Directory lookups, as well as supporting an * Approval/Validation Process to simplify control of Roles and Permissions for large organizations - * in lieu of direct manipulation by a set of Admins. - * + * in lieu of direct manipulation by a set of Admins. + * * @author Jonathan * */
@@ -55,7 +55,7 @@ public interface Organization {
 public String fullName();
 public String firstName();
 /**
- * If Responsible entity, then String returned is "null" meaning "no Objection".
+ * If Responsible entity, then String returned is "null" meaning "no Objection".
 * If String exists, it is the Policy objection text setup by the entity.
 * @return
 */
@@ -64,6 +64,18 @@ public interface Organization { public boolean isPerson(); // Whether a Person or a Machine (App) public Organization org(); // Organization of Identity + + public static String mixedCase(String in) { + StringBuilder sb = new StringBuilder(); + for(int i=0;i getIdentityTypes(); @@ -176,30 +207,31 @@ public interface Organization { ERR_UserNotExist, ERR_NotificationFailure, }; - + public enum Expiration { Password, - TempPassword, + TempPassword, Future, UserInRole, - UserDelegate, - ExtendPassword + UserDelegate, + ExtendPassword, + RevokedGracePeriodEnds } - + public enum Policy { - CHANGE_JOB, - LEFT_COMPANY, - CREATE_MECHID, + CHANGE_JOB, + LEFT_COMPANY, + CREATE_MECHID, CREATE_MECHID_BY_PERM_ONLY, OWNS_MECHID, - AS_RESPONSIBLE, + AS_RESPONSIBLE, MAY_EXTEND_CRED_EXPIRES, MAY_APPLY_DEFAULT_REALM } - + /** * Notify a User of Action or Info - * + * * @param type * @param url * @param users (separated by commas) @@ -211,7 +243,7 @@ public interface Organization { /** * (more) generic way to send an email - * + * * @param toList * @param ccList * @param subject 
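Review bot: The new `public static String mixedCase(String in)` is added to the interface with no Javadoc, and its loop body is not legible on this page (the text after `for(int i=0;i` is cut off), so neither the case transformation it applies nor its handling of a null or empty `in` can be confirmed from here. A static method on a public interface becomes API for every implementing organization, so it should carry a Javadoc sentence stating the exact transformation performed and what is returned for null and empty input. The enclosing interface starts and ends outside the hunk.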
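Review bot: `RevokedGracePeriodEnds` is added to `Expiration` without a comment, and none of the constants in `Expiration` or `Policy` say what they mean, so an implementer cannot tell from this file which event the new constant represents or what the `extra` varargs of `expiration(GregorianCalendar gc, Expiration exp, String ... extra)` carry for it. Suggest a short Javadoc on the constant, e.g. `/** End of the grace period granted to an identity that has been revoked. */`, adjusted to the intended policy, which the hunk does not state. Any `switch` over `Expiration` in organization plugins outside this file will need a new case; the `NULL` implementation further down returns `gc` unchanged for every type, so it is unaffected. The `Expiration` enum fits in the hunk, but the enclosing interface starts and ends outside it.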
@@ -223,36 +255,36 @@ public interface Organization { /** * whenToValidate - * + * * Authz support services will ask the Organization Object at startup when it should - * kickoff Validation processes given particular types. - * + * kickoff Validation processes given particular types. + * * This allows the Organization to express Policy - * + * * Turn off Validation behavior by returning "null" - * + * */ public Date whenToValidate(Notify type, Date lastValidated); - + /** * Expiration - * + * * Given a Calendar item of Start (or now), set the Expiration Date based on the Policy * based on type. - * + * * For instance, "Passwords expire in 3 months" - * + * * The Extra Parameter is used by certain Orgs. - * + * * For Password, the extra is UserID, so it can check the User Type - * + * * @param gc * @param exp * @return */ public GregorianCalendar expiration(GregorianCalendar gc, Expiration exp, String ... extra); - + /** * Get Email Warning timing policies * @return @@ -260,24 +292,36 @@ public interface Organization { public EmailWarnings emailWarningPolicy(); /** - * + * * @param trans * @param user * @return */ public List getApprovers(AuthzTrans trans, String user) throws OrganizationException ; - + + /** + * Get Identities for Escalation Level + * 1 = self + * 2 = expects both self and immediate responsible party + * 3 = expects self, immediate report and any higher that the Organization wants to escalate to in the + * hierarchy. + * + * Note: this is used to notify of imminent danger of Application's Cred or Role expirations. + */ + public List getIDs(AuthzTrans trans, String user, int escalate) throws OrganizationException ; + + /* - * + * * @param user * @param type * @param users * @return public Response notifyRequest(AuthzTrans trans, String user, Approval type, List approvers); */ - + /** - * + * * @return */ public String getApproverType(); 
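Review bot: The Javadoc for the new `getIDs(AuthzTrans trans, String user, int escalate)` explains escalation levels 1 to 3 but has no `@param`, `@return` or `@throws` tags, and does not say what an implementation should do for `escalate` values of 0, negative or greater than 3, nor whether the result may be empty or null when `user` is unknown. Suggest closing the comment with `@param escalate escalation level, 1..3 as described above; implementations should document behaviour for other values` and `@return identities to notify, never null`, plus a `@throws OrganizationException` line naming the failure condition — the never-null wording only if that is the intended contract, since the `NULL` organization's implementation added further down in this diff returns null. The element type of the returned `List` is not recoverable from this page, and the enclosing interface starts and ends outside the hunk.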
@@ -285,7 +329,7 @@ public interface Organization { /* * startOfDay - define for company what hour of day business starts (specifically for password and other expiration which * were set by Date only.) - * + * * @return */ public int startOfDay(); @@ -299,12 +343,22 @@ public interface Organization { * @return */ public boolean canHaveMultipleCreds(String id); - + boolean isTestEnv(); public void setTestMode(boolean dryRun); - public static final Organization NULL = new Organization() + /** + * Evaluates a user to determine if they are exempt from role and cred expiration. + * Returns true if true, false if false. Default implementation is always false. + * + * @param user + * @param expires + * @return + */ + public boolean isUserExpireExempt(String user, Date expires); + + public static final Organization NULL = new Organization() { private final GregorianCalendar gc = new GregorianCalendar(1900, 1, 1); private final List nullList = new ArrayList<>(); @@ -321,27 +375,27 @@ public interface Organization { public String mayOwn() { return N_A; // negative case } - + @Override public boolean isFound() { return false; } - + @Override public String id() { return N_A; } - + @Override public String fullID() { return N_A; } - + @Override public String email() { return N_A; } - + @Override public List delegate() { return nullUser; @@ -372,12 +426,12 @@ public interface Organization { public String getName() { return N_A; } - + @Override public String getRealm() { return N_A; } - + @Override public boolean supportsRealm(String r) { return false; 
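Review bot: The Javadoc for `isUserExpireExempt(String user, Date expires)` says `Returns true if true, false if false`, which does not state what a true result means, and its `@param` and `@return` tags are empty. Because a true result exempts the user from role and credential expiration, the contract is worth stating precisely: `@return {@code true} if {@code user} is exempt from role and credential expiration at {@code expires}, {@code false} otherwise`, with `@param expires the expiration date being evaluated` and a statement of whether `expires` may be null. The sentence `Default implementation is always false` refers to the `NULL` organization below rather than to a `default` method, so rephrasing it as `The {@code NULL} organization returns false` avoids the ambiguity. The enclosing interface starts and ends outside the hunk.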
@@ -386,92 +440,97 @@ public interface Organization { @Override public void addSupportedRealm(String r) { } + + @Override + public String supportedDomain(String r) { + return null; + } @Override public String getDomain() { return N_A; } - + @Override public Identity getIdentity(AuthzTrans trans, String id) { return nullIdentity; } - + @Override public String isValidID(final AuthzTrans trans, String id) { return N_A; } - + @Override public String isValidPassword(final AuthzTrans trans, final String user, final String password, final String... prev) { return N_A; } - + @Override public Set getIdentityTypes() { return nullStringSet; } - + @Override public Response notify(AuthzTrans trans, Notify type, String url, String[] users, String[] ccs, String summary, Boolean urgent) { return Response.ERR_NotImplemented; } - + @Override public int sendEmail(AuthzTrans trans, List toList, List ccList, String subject, String body, Boolean urgent) throws OrganizationException { return 0; } - + @Override public Date whenToValidate(Notify type, Date lastValidated) { return gc.getTime(); } - + @Override public GregorianCalendar expiration(GregorianCalendar gc, Expiration exp, String... extra) { return gc; } - + @Override public List getApprovers(AuthzTrans trans, String user) throws OrganizationException { return nullList; } - + @Override public String getApproverType() { return ""; } - + @Override public int startOfDay() { return 0; } - + @Override public boolean canHaveMultipleCreds(String id) { return false; } - + @Override public boolean isValidCred(final AuthzTrans trans, final String id) { return false; } - + @Override public String validate(AuthzTrans trans, Policy policy, Executor executor, String ... vars) throws OrganizationException { return "Null Organization rejects all Policies"; } - + @Override public boolean isTestEnv() { return false; } - + @Override public void setTestMode(boolean dryRun) { } 
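Review bot: The new `supportedDomain(String r)` override in the `NULL` organization returns `null`, while every other String-returning method of the same anonymous class visible in this hunk (`getDomain()`, `isValidID(...)`, `isValidPassword(...)`) returns the `N_A` sentinel, so a caller that treats `N_A` as the "nothing here" value will get a NullPointerException from `NULL` instead. The interface declaration of `supportedDomain` is not visible on this page; if its contract is that null means "no supported domain", add a one-line comment saying so, e.g. `// NULL organization supports no realm, so there is no domain to return`, otherwise `return N_A;` keeps the class consistent. The anonymous `NULL` class starts and ends outside the hunk.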
@@ -485,24 +544,24 @@ public interface Organization { { return 604800000L; // 7 days in millis 1000 * 86400 * 7 } - + @Override public long roleEmailInterval() { return 604800000L; // 7 days in millis 1000 * 86400 * 7 } - + @Override public long apprEmailInterval() { return 259200000L; // 3 days in millis 1000 * 86400 * 3 } - + @Override public long credExpirationWarning() { return( 2592000000L ); // One month, in milliseconds 1000 * 86400 * 30 in milliseconds } - + @Override public long roleExpirationWarning() { @@ -516,15 +575,33 @@ public interface Organization { } }; + + } @Override public String[] getPasswordRules() { - return nullStringArray; + return nullStringArray; } - }; + @Override + public Date isRevoked(AuthzTrans trans, String id) { + // provide a corresponding feed that indicates that an ID has been intentionally removed from identities.dat table. + return null; + } + + @Override + public List getIDs(AuthzTrans trans, String user, int escalate) throws OrganizationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isUserExpireExempt(String user, Date expires) { + return false; + } + }; }
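Review bot: The new `getIDs(AuthzTrans trans, String user, int escalate)` in the `NULL` organization returns `null` while the sibling `getApprovers(...)` returns the shared empty `nullList`, so a caller that iterates the result of the null organization — the expiration-notification use the interface Javadoc describes — will fail with a NullPointerException rather than simply notify nobody. If the two methods share an element type (the generics are not recoverable from this page) the fix is `return nullList;` together with dropping the `// TODO Auto-generated method stub` line. The `isRevoked` comment `provide a corresponding feed that indicates that an ID has been intentionally removed from identities.dat table` reads as an instruction to real implementations rather than a description of this stub; a comment such as `// NULL organization has no revocation feed, so nothing is ever reported revoked` describes what the code does, assuming a null Date means "not revoked". The anonymous `NULL` class starts outside the hunk.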