X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Faaf%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Faaf%2FAAFPermission.java;h=8c39e44db42e23a705bb35e3230b5f03e60751a4;hb=3d1706fcbe7f95830ff6fd23cf679ee55c6d0595;hp=c4ca808276198a7575ba3eb1966867667ea34e3f;hpb=047edb5a4312cc7dfb3172b7e11ab1a9e2315ba2;p=aaf%2Fauthz.git
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
index c4ca8082..8c39e44d 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
@@ -35,154 +35,157 @@ import org.onap.aaf.misc.env.util.Split; * */ public class AAFPermission implements Permission { - private static final List NO_ROLES; - protected String ns,type,instance,action,key; - private List roles; - - static { - NO_ROLES = new ArrayList<>(); - } + private static final List NO_ROLES; + protected String ns,type,instance,action,key; + private List roles; + + static { + NO_ROLES = new ArrayList<>(); + } - protected AAFPermission() {roles=NO_ROLES;} + protected AAFPermission() {roles=NO_ROLES;} - public AAFPermission(String ns, String name, String instance, String action) { - this.ns = ns; - type = name; - this.instance = instance; - this.action = action; - if(ns==null) { - key = type + '|' + instance + '|' + action; - } else { - key = ns + '|' + type + '|' + instance + '|' + action; - } - this.roles = NO_ROLES; + public AAFPermission(String ns, String name, String instance, String action) { + this.ns = ns; + type = name; + this.instance = instance; + this.action = action; + if (ns==null) { + key = type + '|' + instance + '|' + action; + } else { + key = ns + '|' + type + '|' + instance + '|' + action; + } + this.roles = NO_ROLES; - } + } - public AAFPermission(String ns, String name, String instance, String action, List roles) { - this.ns = ns; - type = name; - this.instance = instance; - this.action = action; - if(ns==null) { - key = type + '|' + instance + '|' + action; - } else { - key = ns + '|' + type + '|' + instance + '|' + action; - } - this.roles = roles==null?NO_ROLES:roles; - } - - /** - * Match a Permission - * if Permission is Fielded type "Permission", we use the fields - * otherwise, we split the Permission with '|' - * - * when the type or action starts with REGEX indicator character ( ! ), - * then it is evaluated as a regular expression. 
- * - * If you want a simple field comparison, it is faster without REGEX - */ - public boolean match(Permission p) { - String aafNS; - String aafType; - String aafInstance; - String aafAction; - if(p instanceof AAFPermission) { - AAFPermission ap = (AAFPermission)p; - // Note: In AAF > 1.0, Accepting "*" from name would violate multi-tenancy - // Current solution is only allow direct match on Type. - // 8/28/2014 Jonathan - added REGEX ability - aafNS = ap.getNS(); - aafType = ap.getType(); - aafInstance = ap.getInstance(); - aafAction = ap.getAction(); - } else { - // Permission is concatenated together: separated by - String[] aaf = Split.splitTrim('|', p.getKey()); - switch(aaf.length) { - case 1: - aafNS = aaf[0]; - aafType=""; - aafInstance = aafAction = "*"; - break; - case 2: - aafNS = aaf[0]; - aafType = aaf[1]; - aafInstance = aafAction = "*"; - break; - case 3: - aafNS = aaf[0]; - aafType = aaf[1]; - aafInstance = aaf[2]; - aafAction = "*"; - break; - default: - aafNS = aaf[0]; - aafType = aaf[1]; - aafInstance = aaf[2]; - aafAction = aaf[3]; - break; - } - } - boolean typeMatches; - if(aafNS==null) { - if(ns==null) { - typeMatches = aafType.equals(type); - } else { - typeMatches = aafType.equals(ns+'.'+type); - } - } else if(ns==null) { - typeMatches = type.equals(aafNS+'.'+aafType); - } else if(aafNS.length() == ns.length()) { - typeMatches = aafNS.equals(ns) && aafType.equals(type); - } else { // Allow for restructuring of NS/Perm structure - typeMatches = (aafNS+'.'+aafType).equals(ns+'.'+type); - } - return (typeMatches && - PermEval.evalInstance(instance, aafInstance) && - PermEval.evalAction(action, aafAction)); - } + public AAFPermission(String ns, String name, String instance, String action, List roles) { + this.ns = ns; + type = name; + this.instance = instance; + this.action = action; + if (ns==null) { + key = type + '|' + instance + '|' + action; + } else { + key = ns + '|' + type + '|' + instance + '|' + action; + } + this.roles = 
roles==null?NO_ROLES:roles; + } + + /** + * Match a Permission + * if Permission is Fielded type "Permission", we use the fields + * otherwise, we split the Permission with '|' + * + * when the type or action starts with REGEX indicator character ( ! ), + * then it is evaluated as a regular expression. + * + * If you want a simple field comparison, it is faster without REGEX + */ + public boolean match(Permission p) { + if(p==null) { + return false; + } + String aafNS; + String aafType; + String aafInstance; + String aafAction; + if (p instanceof AAFPermission) { + AAFPermission ap = (AAFPermission)p; + // Note: In AAF > 1.0, Accepting "*" from name would violate multi-tenancy + // Current solution is only allow direct match on Type. + // 8/28/2014 Jonathan - added REGEX ability + aafNS = ap.getNS(); + aafType = ap.getType(); + aafInstance = ap.getInstance(); + aafAction = ap.getAction(); + } else { + // Permission is concatenated together: separated by + String[] aaf = Split.splitTrim('|', p.getKey()); + switch(aaf.length) { + case 1: + aafNS = aaf[0]; + aafType=""; + aafInstance = aafAction = "*"; + break; + case 2: + aafNS = aaf[0]; + aafType = aaf[1]; + aafInstance = aafAction = "*"; + break; + case 3: + aafNS = aaf[0]; + aafType = aaf[1]; + aafInstance = aaf[2]; + aafAction = "*"; + break; + default: + aafNS = aaf[0]; + aafType = aaf[1]; + aafInstance = aaf[2]; + aafAction = aaf[3]; + break; + } + } + boolean typeMatches; + if (aafNS==null) { + if (ns==null) { + typeMatches = aafType.equals(type); + } else { + typeMatches = aafType.equals(ns+'.'+type); + } + } else if (ns==null) { + typeMatches = type.equals(aafNS+'.'+aafType); + } else if (aafNS.length() == ns.length()) { + typeMatches = aafNS.equals(ns) && aafType.equals(type); + } else { // Allow for restructuring of NS/Perm structure + typeMatches = (aafNS+'.'+aafType).equals(ns+'.'+type); + } + return (typeMatches && + PermEval.evalInstance(instance, aafInstance) && + PermEval.evalAction(action, 
aafAction)); + } - public String getNS() { - return ns; - } + public String getNS() { + return ns; + } - public String getType() { - return type; - } + public String getType() { + return type; + } - public String getFullType() { - return ns + '.' + type; - } - - public String getInstance() { - return instance; - } - - public String getAction() { - return action; - } - - public String getKey() { - return key; - } + public String getFullType() { + return ns + '.' + type; + } + + public String getInstance() { + return instance; + } + + public String getAction() { + return action; + } + + public String getKey() { + return key; + } - /* (non-Javadoc) - * @see org.onap.aaf.cadi.Permission#permType() - */ - public String permType() { - return "AAF"; - } + /* (non-Javadoc) + * @see org.onap.aaf.cadi.Permission#permType() + */ + public String permType() { + return "AAF"; + } - public List roles() { - return roles; - } - public String toString() { - return "AAFPermission:" + - "\n\tNS: " + ns + - "\n\tType: " + type + - "\n\tInstance: " + instance + - "\n\tAction: " + action + - "\n\tKey: " + key; - } + public List roles() { + return roles; + } + public String toString() { + return "AAFPermission:" + + "\n\tNS: " + ns + + "\n\tType: " + type + + "\n\tInstance: " + instance + + "\n\tAction: " + action + + "\n\tKey: " + key; + } }
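Review bot: The new `if(p==null)` guard in `match` covers only the argument itself; the type comparison further down still dereferences fields that can be null. `aafType.equals(type)` and `aafNS.equals(ns) && aafType.equals(type)` throw if the other AAFPermission was built with a null name, and `type.equals(aafNS+'.'+aafType)` throws if this object came from the protected no-arg constructor, which sets only `roles` and leaves `type` unset unless a subclass assigns it. In the branches that concatenate (`ns+'.'+type`, `aafNS+'.'+aafType`) a null instead becomes the literal text "null" inside the compared string, so the result of a null field depends on which branch is taken. Because this method is an authorization decision, I would fail closed before `typeMatches` is computed, e.g. `if (type == null || aafType == null) { return false; }`. It is also worth confirming how `Split.splitTrim` handles a null `p.getKey()`, which is not visible in this hunk.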