X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Faaf%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Faaf%2Fv2_0%2FAAFAuthn.java;h=f74306fb46c087bb71632194fca9340928ec9f0f;hb=71ba4dc9540db18cc51e318df94c81e7b49613af;hp=bd94d0ad343113ef467bd807cc5f2161a7de239e;hpb=68a9a8d828dbc9ceea8f712a71e1e45866676037;p=aaf%2Fauthz.git

diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java
index bd94d0ad..f74306fb 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java
@@ -27,6 +27,7 @@ import java.util.ArrayList;
 import java.util.List;
 
 import org.onap.aaf.cadi.AbsUserCache;
+import org.onap.aaf.cadi.Access;
 import org.onap.aaf.cadi.CachedPrincipal;
 import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.cadi.User;
@@ -107,7 +108,7 @@ public class AAFAuthn<CLIENT> extends AbsUserCache<AAFPermission> {
             }
         }
 
-        AAFCachedPrincipal cp = new AAFCachedPrincipal(user, bytes, con.cleanInterval);
+        AAFCachedPrincipal cp = new AAFCachedPrincipal(user, bytes, con.userExpires);
         // Since I've relocated the Validation piece in the Principal, just revalidate, then do Switch
         // Statement
         switch(cp.revalidate(state)) {
@@ -115,13 +116,13 @@ public class AAFAuthn<CLIENT> extends AbsUserCache<AAFPermission> {
                 if (usr!=null) {
                     usr.principal = cp;
                 } else {
-                    addUser(new User<AAFPermission>(cp,con.timeout));
+                    addUser(new User<AAFPermission>(cp,con.userExpires));
                 }
                 return null;
             case INACCESSIBLE:
                 return "AAF Inaccessible";
             case UNVALIDATED:
-                addUser(new User<AAFPermission>(user,bytes,con.timeout));
+                addUser(new User<AAFPermission>(user,bytes,con.userExpires));
                 return "user/pass combo invalid for " + user;
             case DENIED:
                 return "AAF denies API for " + user;
@@ -141,6 +142,14 @@ public class AAFAuthn<CLIENT> extends AbsUserCache<AAFPermission> {
         }
 
         public Resp revalidate(Object state) {
+            int maxRetries = 15;
+            try { // these SHOULD be AAFConHttp and AAFLocator objects, but put in a try anyway to be safe
+                AAFConHttp forceCastCon = (AAFConHttp) con;
+                AAFLocator forceCastLoc = (AAFLocator) forceCastCon.hman().loc;
+                maxRetries = forceCastLoc.maxIters();
+            } catch (Exception e) {
+                access.log(Access.Level.DEBUG, e);
+            }
             List<URI> attemptedUris = new ArrayList<>();
             URI thisUri = null;
             for (int retries = 0;; retries++) {
@@ -160,7 +169,7 @@ public class AAFAuthn<CLIENT> extends AbsUserCache<AAFPermission> {
                         //       );
                         if (fp.get(con.timeout)) {
                             expires = System.currentTimeMillis() + timeToLive;
-                            addUser(new User<AAFPermission>(this, expires));
+                            addUser(new User<AAFPermission>(this, timeToLive));
                             return Resp.REVALIDATED;
                         } else {
                             addMiss(getName(), getCred());
@@ -174,7 +183,7 @@ public class AAFAuthn<CLIENT> extends AbsUserCache<AAFPermission> {
                         attemptedUris.add(thisUri);
                     }
                     con.access.log(e);
-                    if (retries > 2) {
+                    if (retries > maxRetries) {
                         return Resp.INACCESSIBLE;
                     }
                 }