X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Faaf%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Faaf%2Fv2_0%2FAAFAuthn.java;h=e16782fa853347a0f149edb0c8bbfd81edd2ab70;hb=HEAD;hp=bd94d0ad343113ef467bd807cc5f2161a7de239e;hpb=f6c52528524b737706a67e26c83b580021fbd621;p=aaf%2Fauthz.git

diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java
index bd94d0ad..e16782fa 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java
@@ -27,12 +27,14 @@ import java.util.ArrayList;
 import java.util.List;
 
 import org.onap.aaf.cadi.AbsUserCache;
+import org.onap.aaf.cadi.Access;
 import org.onap.aaf.cadi.CachedPrincipal;
 import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.cadi.User;
 import org.onap.aaf.cadi.aaf.AAFPermission;
 import org.onap.aaf.cadi.client.Future;
 import org.onap.aaf.cadi.client.Rcli;
+import org.onap.aaf.cadi.locator.SingleEndpointLocator;
 import org.onap.aaf.cadi.lur.ConfigPrincipal;
 
 import aaf.v2_0.CredRequest;
@@ -107,7 +109,7 @@ public class AAFAuthn<CLIENT> extends AbsUserCache<AAFPermission> {
             }
         }
 
-        AAFCachedPrincipal cp = new AAFCachedPrincipal(user, bytes, con.cleanInterval);
+        AAFCachedPrincipal cp = new AAFCachedPrincipal(user, bytes, con.userExpires);
         // Since I've relocated the Validation piece in the Principal, just revalidate, then do Switch
         // Statement
         switch(cp.revalidate(state)) {
@@ -115,13 +117,13 @@ public class AAFAuthn<CLIENT> extends AbsUserCache<AAFPermission> {
                 if (usr!=null) {
                     usr.principal = cp;
                 } else {
-                    addUser(new User<AAFPermission>(cp,con.timeout));
+                    addUser(new User<AAFPermission>(cp,con.userExpires));
                 }
                 return null;
             case INACCESSIBLE:
                 return "AAF Inaccessible";
             case UNVALIDATED:
-                addUser(new User<AAFPermission>(user,bytes,con.timeout));
+                addUser(new User<AAFPermission>(user,bytes,con.userExpires));
                 return "user/pass combo invalid for " + user;
             case DENIED:
                 return "AAF denies API for " + user;
@@ -141,26 +143,33 @@ public class AAFAuthn<CLIENT> extends AbsUserCache<AAFPermission> {
         }
 
         public Resp revalidate(Object state) {
+            int maxRetries = 15;
+            try { // these SHOULD be an AAFConHttp and a AAFLocator or SingleEndpointLocator objects, but put in a try to be safe
+                AAFConHttp forceCastCon = (AAFConHttp) con;
+                if (forceCastCon.hman().loc instanceof SingleEndpointLocator) {
+                    maxRetries = 1; // we cannot retry the single LGW gateway!
+                } else {
+                    AAFLocator forceCastLoc = (AAFLocator) forceCastCon.hman().loc;
+                    maxRetries = forceCastLoc.maxIters();
+                }
+            } catch (Exception e) {
+                access.log(Access.Level.DEBUG, e);
+            }
             List<URI> attemptedUris = new ArrayList<>();
             URI thisUri = null;
             for (int retries = 0;; retries++) {
                 try {
                     Miss missed = missed(getName(), getCred());
                     if (missed == null || missed.mayContinue()) {
-                        CredRequest cr = new CredRequest();
-                        cr.setId(getName());
-                        cr.setPassword(new String(getCred()));
-                        Rcli<CLIENT> client = con.clientIgnoreAlreadyAttempted(attemptedUris);
+                        Rcli<CLIENT> client = con.clientIgnoreAlreadyAttempted(attemptedUris).forUser(con.basicAuth(getName(), new String(getCred())));
                         thisUri = client.getURI();
-                        Future<String> fp = client.readPost("/authn/validate", con.credReqDF, cr);
-                        //Rcli<CLIENT> client = con.client().forUser(con.basicAuth(getName(), new String(getCred())));
-                        //Future<String> fp = client.read(
-                        //        "/authn/basicAuth",
-                        //        "text/plain"
-                        //       );
+                        Future<String> fp = client.read(
+                                "/authn/basicAuth",
+                                "text/plain"
+                               );
                         if (fp.get(con.timeout)) {
                             expires = System.currentTimeMillis() + timeToLive;
-                            addUser(new User<AAFPermission>(this, expires));
+                            addUser(new User<AAFPermission>(this, timeToLive));
                             return Resp.REVALIDATED;
                         } else {
                             addMiss(getName(), getCred());
@@ -174,7 +183,7 @@ public class AAFAuthn<CLIENT> extends AbsUserCache<AAFPermission> {
                         attemptedUris.add(thisUri);
                     }
                     con.access.log(e);
-                    if (retries > 2) {
+                    if (retries > maxRetries) {
                         return Resp.INACCESSIBLE;
                     }
                 }