X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Faaf%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Faaf%2FAAFPermission.java;h=8c39e44db42e23a705bb35e3230b5f03e60751a4;hb=3d1706fcbe7f95830ff6fd23cf679ee55c6d0595;hp=e586d9919277d9a30cd9efd50300ee4167fedd74;hpb=dcc96de091a1a9c800030cf95b5231b4b0a3e340;p=aaf%2Fauthz.git
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
index e586d991..8c39e44d 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
@@ -25,6 +25,7 @@ import java.util.ArrayList;
 import java.util.List;
 import org.onap.aaf.cadi.Permission;
+import org.onap.aaf.misc.env.util.Split;
 /**
 * A Class that understands the AAF format of Permission (name/type/action)
@@ -34,96 +35,157 @@ import org.onap.aaf.cadi.Permission;
 *
 */
 public class AAFPermission implements Permission {
- private static final List NO_ROLES;
- protected String type,instance,action,key;
- private List roles;
-
- static {
- NO_ROLES = new ArrayList();
- }
+ private static final List NO_ROLES;
+ protected String ns,type,instance,action,key;
+ private List roles;
+
+ static {
+ NO_ROLES = new ArrayList<>();
+ }
- protected AAFPermission() {roles=NO_ROLES;}
+ protected AAFPermission() {roles=NO_ROLES;}
- public AAFPermission(String type, String instance, String action) {
- this.type = type;
- this.instance = instance;
- this.action = action;
- key = type + '|' + instance + '|' + action;
- this.roles = NO_ROLES;
+ public AAFPermission(String ns, String name, String instance, String action) {
+ this.ns = ns;
+ type = name;
+ this.instance = instance;
+ this.action = action;
+ if (ns==null) {
+ key = type + '|' + instance + '|' + action;
+ } else {
+ key = ns + '|' + type + '|' + instance + '|' + action;
+ }
+ this.roles = NO_ROLES;
- }
- public AAFPermission(String type, String instance, String action, List roles) {
- this.type = type;
- this.instance = instance;
- this.action = action;
- key = type + '|' + instance + '|' + action;
- this.roles = roles==null?NO_ROLES:roles;
- }
-
- /**
- * Match a Permission
- * if Permission is Fielded type "Permission", we use the fields
- * otherwise, we split the Permission with '|'
- *
- * when the type or action starts with REGEX indicator character ( ! ),
- * then it is evaluated as a regular expression.
- *
- * If you want a simple field comparison, it is faster without REGEX
- */
- public boolean match(Permission p) {
- String aafType;
- String aafInstance;
- String aafAction;
- if(p instanceof AAFPermission) {
- AAFPermission ap = (AAFPermission)p;
- // Note: In AAF > 1.0, Accepting "*" from name would violate multi-tenancy
- // Current solution is only allow direct match on Type.
- // 8/28/2014 Jonathan - added REGEX ability
- aafType = ap.getName();
- aafInstance = ap.getInstance();
- aafAction = ap.getAction();
- } else {
- // Permission is concatenated together: separated by |
- String[] aaf = p.getKey().split("[\\s]*\\|[\\s]*",3);
- aafType = aaf[0];
- aafInstance = (aaf.length > 1) ? aaf[1] : "*";
- aafAction = (aaf.length > 2) ? aaf[2] : "*";
- }
- return ((type.equals(aafType)) &&
- (PermEval.evalInstance(instance, aafInstance)) &&
- (PermEval.evalAction(action, aafAction)));
- }
+ }
- public String getName() {
- return type;
- }
-
- public String getInstance() {
- return instance;
- }
-
- public String getAction() {
- return action;
- }
-
- public String getKey() {
- return key;
- }
+ public AAFPermission(String ns, String name, String instance, String action, List roles) {
+ this.ns = ns;
+ type = name;
+ this.instance = instance;
+ this.action = action;
+ if (ns==null) {
+ key = type + '|' + instance + '|' + action;
+ } else {
+ key = ns + '|' + type + '|' + instance + '|' + action;
+ }
+ this.roles = roles==null?NO_ROLES:roles;
+ }
+
+ /**
+ * Match a Permission
+ * if Permission is Fielded type "Permission", we use the fields
+ * otherwise, we split the Permission with '|'
+ *
+ * when the type or action starts with REGEX indicator character ( ! ),
+ * then it is evaluated as a regular expression.
+ *
+ * If you want a simple field comparison, it is faster without REGEX
+ */
+ public boolean match(Permission p) {
+ if(p==null) {
+ return false;
+ }
+ String aafNS;
+ String aafType;
+ String aafInstance;
+ String aafAction;
+ if (p instanceof AAFPermission) {
+ AAFPermission ap = (AAFPermission)p;
+ // Note: In AAF > 1.0, Accepting "*" from name would violate multi-tenancy
+ // Current solution is only allow direct match on Type.
+ // 8/28/2014 Jonathan - added REGEX ability
+ aafNS = ap.getNS();
+ aafType = ap.getType();
+ aafInstance = ap.getInstance();
+ aafAction = ap.getAction();
+ } else {
+ // Permission is concatenated together: separated by
+ String[] aaf = Split.splitTrim('|', p.getKey());
+ switch(aaf.length) {
+ case 1:
+ aafNS = aaf[0];
+ aafType="";
+ aafInstance = aafAction = "*";
+ break;
+ case 2:
+ aafNS = aaf[0];
+ aafType = aaf[1];
+ aafInstance = aafAction = "*";
+ break;
+ case 3:
+ aafNS = aaf[0];
+ aafType = aaf[1];
+ aafInstance = aaf[2];
+ aafAction = "*";
+ break;
+ default:
+ aafNS = aaf[0];
+ aafType = aaf[1];
+ aafInstance = aaf[2];
+ aafAction = aaf[3];
+ break;
+ }
+ }
+ boolean typeMatches;
+ if (aafNS==null) {
+ if (ns==null) {
+ typeMatches = aafType.equals(type);
+ } else {
+ typeMatches = aafType.equals(ns+'.'+type);
+ }
+ } else if (ns==null) {
+ typeMatches = type.equals(aafNS+'.'+aafType);
+ } else if (aafNS.length() == ns.length()) {
+ typeMatches = aafNS.equals(ns) && aafType.equals(type);
+ } else { // Allow for restructuring of NS/Perm structure
+ typeMatches = (aafNS+'.'+aafType).equals(ns+'.'+type);
+ }
+ return (typeMatches &&
+ PermEval.evalInstance(instance, aafInstance) &&
+ PermEval.evalAction(action, aafAction));
+ }
- /* (non-Javadoc)
- * @see org.onap.aaf.cadi.Permission#permType()
- */
- public String permType() {
- return "AAF";
- }
+ public String getNS() {
+ return ns;
+ }
- public List roles() {
- return roles;
- }
- public String toString() {
- return "AAFPermission:\n\tType: " + type +
- "\n\tInstance: " + instance +
- "\n\tAction: " + action +
- "\n\tKey: " + key;
- }
+ public String getType() {
+ return type;
+ }
+
+ public String getFullType() {
+ return ns + '.' + type;
+ }
+
+ public String getInstance() {
+ return instance;
+ }
+
+ public String getAction() {
+ return action;
+ }
+
+ public String getKey() {
+ return key;
+ }
+
+ /* (non-Javadoc)
+ * @see org.onap.aaf.cadi.Permission#permType()
+ */
+ public String permType() {
+ return "AAF";
+ }
+
+ public List roles() {
+ return roles;
+ }
+ public String toString() {
+ return "AAFPermission:" +
+ "\n\tNS: " + ns +
+ "\n\tType: " + type +
+ "\n\tInstance: " + instance +
+ "\n\tAction: " + action +
+ "\n\tKey: " + key;
+ }
 }
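Review bot: The key written by the two constructors and the key parsed in the non-`AAFPermission` branch of `match` disagree about field positions, which matters because this comparison decides authorization. With `ns==null` the constructors emit the three-field `type|instance|action`, but `case 3:` of `switch(aaf.length)` reads field 0 as the namespace, field 1 as the type and field 2 as the instance, and defaults the action to `"*"`, so a three-field key reaches the comparison with every field shifted by one. The final `else` then compares only the concatenation `aafNS+'.'+aafType`, so the split between namespace and type does not decide the match there. I would settle on one key shape and state it above the `switch`, e.g. `// legal keys: ns|type|instance|action; fewer fields default instance/action to "*"`, and stop the constructors from emitting the ambiguous three-field form. A zero-length array from `Split.splitTrim` (its behaviour on an empty key is not visible here) would also index `aaf[0]` in `default:`, so a `case 0: return false;` is worth adding.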