X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Faaf%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Faaf%2Fv2_0%2FAAFTaf.java;h=99c3c3fca779db88fb8ca43a0505b5ac8f2ff640;hb=59ffb7d529245c3bd0233dbf6cb0ae9fe9ccb856;hp=d4d11bbbe1e2438e2be333e147f45362f8a6d49b;hpb=7e966914050e66219689001ff4ab601a49eef0ac;p=aaf%2Fauthz.git
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java
index d4d11bbb..99c3c3fc 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java
@@ -23,8 +23,10 @@ package org.onap.aaf.cadi.aaf.v2_0; import java.io.IOException; import java.security.Principal; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + import org.onap.aaf.cadi.AbsUserCache; import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.CachedPrincipal;
@@ -42,28 +44,34 @@ import org.onap.aaf.cadi.client.Future; import org.onap.aaf.cadi.client.Rcli; import org.onap.aaf.cadi.client.Retryable; import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.filter.MapBathConverter; import org.onap.aaf.cadi.principal.BasicPrincipal; import org.onap.aaf.cadi.principal.CachedBasicPrincipal; import org.onap.aaf.cadi.taf.HttpTaf; import org.onap.aaf.cadi.taf.TafResp; import org.onap.aaf.cadi.taf.TafResp.RESP; import org.onap.aaf.cadi.taf.basic.BasicHttpTafResp; +import org.onap.aaf.cadi.util.CSV; import org.onap.aaf.misc.env.APIException; public class AAFTaf extends AbsUserCache implements HttpTaf { private AAFCon aaf; private boolean warn; - + private MapBathConverter mapIds; + public AAFTaf(AAFCon con, boolean turnOnWarning) { super(con.access,con.cleanInterval,con.highCount, con.usageRefreshTriggerCount); aaf = con; warn = turnOnWarning; + initMapBathConverter(); } public AAFTaf(AAFCon con, boolean turnOnWarning, AbsUserCache other) { super(other); aaf = con; warn = turnOnWarning; + initMapBathConverter(); + } // Note: Needed for Creation of this Object with Generics
@@ -78,6 +86,20 @@ public class AAFTaf extends AbsUserCache implements HttpT this((AAFCon)mustBeAAFCon,turnOnWarning); } + private void initMapBathConverter() { + String csvFile = access.getProperty(Config.CADI_BATH_CONVERT, null); + if(csvFile==null) { + mapIds=null; + } else { + try { + mapIds = new MapBathConverter(access, new CSV(access,csvFile)); + access.log(Level.INIT,"Basic Auth Conversion using",csvFile,"enabled" ); + } catch (IOException | CadiException e) { + access.log(e,"Bath Map Conversion is not initialized (non fatal)"); + } + } + + } public TafResp validate(final LifeForm reading, final HttpServletRequest req, final HttpServletResponse resp) { //TODO Do we allow just anybody to validate?
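Review bot: In the class-declaration hunk (`-42,28 +44,34`), `mapIds` is added as a plain mutable field and filled in by a side-effecting helper that both constructors call, although nothing in this diff reassigns it after construction and `validate` reads it on request handling. Declaring it `private final MapBathConverter mapIds;` and letting the helper return the converter, for example `mapIds = loadMapBathConverter();` in each constructor, would fix the "null means conversion disabled" state at construction and publish it safely to request threads. The class body continues outside this hunk, so confirm that no later code assigns the field before making it final.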
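Review bot: In `initMapBathConverter` (hunk `-78,6 +86,20`), when `Config.CADI_BATH_CONVERT` is set but the CSV cannot be loaded, the catch block logs "non fatal" and leaves `mapIds` at its default null, so the service starts with conversion switched off and the only trace is a message that does not name the file. Name the file in that message, `access.log(e,"Bath Map Conversion is not initialized (non fatal) for",csvFile);`, and set `mapIds=null;` explicitly in the catch so the disabled state is visible in the code. The method also has no comment; a short Javadoc should say that an unset property disables conversion and that a load failure is tolerated on purpose. The CSV presumably holds Basic Auth credential mappings (to be confirmed against `MapBathConverter`), in which case the comment should also state that the file must be readable only by the service account.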
@@ -88,6 +110,10 @@ public class AAFTaf extends AbsUserCache implements HttpT if (warn&&!req.isSecure()) { aaf.access.log(Level.WARN,"WARNING! BasicAuth has been used over an insecure channel"); } + if(mapIds != null) { + authz = mapIds.convert(access, authz); + } + try { final CachedBasicPrincipal bp; if (req.getUserPrincipal() instanceof CachedBasicPrincipal) {
@@ -184,7 +210,7 @@ public class AAFTaf extends AbsUserCache implements HttpT if (prin instanceof BasicPrincipal) { Future fp; try { - Rcli userAAF = aaf.client(Config.AAF_DEFAULT_VERSION).forUser(aaf.transferSS((BasicPrincipal)prin)); + Rcli userAAF = aaf.client().forUser(aaf.transferSS((BasicPrincipal)prin)); fp = userAAF.read("/authn/basicAuth", "text/plain"); return fp.get(aaf.timeout)?Resp.REVALIDATED:Resp.UNVALIDATED; } catch (Exception e) {
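Review bot: In the `validate` hunk (`-88,6 +110,10`), `authz = mapIds.convert(access, authz);` overwrites the presented Authorization value before the principal is built, and nothing visible here records that a substitution took place, so audit entries written further down would presumably show only the mapped identity. Unless `convert` already logs this (it receives `access`, so it may), record the presented and the mapped user id, never the password portion, whenever the value changes. A comment such as `// authz may now hold a mapped credential; the presented one is not kept` would make the behaviour explicit. Also confirm that `convert` cannot return null before the following `try` block uses `authz`. `validate` starts and ends outside this hunk.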