X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Faaf%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Faaf%2Fv2_0%2FAAFTrustChecker.java;h=e912fc53a542f8f4d961f04b2fe9576820f97efd;hb=1296352d8eafee57f982a4342ad79ada4aa56d28;hp=bf85beef649af5781b8f7f32ef6cb511041d533d;hpb=3aca33c5bb9af1ba4df574ceb90435f54d14ccf5;p=aaf%2Fauthz.git
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java
index bf85beef..e912fc53 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java
@@ -26,6 +26,7 @@ import javax.servlet.http.HttpServletRequest ;
 import org.onap.aaf.cadi.Access;
 import org.onap.aaf.cadi.Lur;
 import org.onap.aaf.cadi.TrustChecker;
+import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.aaf.AAFPermission;
 import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.principal.TrustPrincipal;
@@ -36,91 +37,93 @@ import org.onap.aaf.misc.env.Env;
 import org.onap.aaf.misc.env.util.Split;
 public class AAFTrustChecker implements TrustChecker {
- private final String tag, id;
- private final AAFPermission perm;
- private Lur lur;
+ private final String tag, id;
+ private final AAFPermission perm;
+ private Lur lur;
- /**
- *
- * Instance will be replaced by Identity
- * @param lur
- *
- * @param tag
- * @param perm
- */
- public AAFTrustChecker(final Env env) {
- tag = env.getProperty(Config.CADI_USER_CHAIN_TAG, Config.CADI_USER_CHAIN);
- id = env.getProperty(Config.CADI_ALIAS,env.getProperty(Config.AAF_APPID)); // share between components
- String str = env.getProperty(Config.CADI_TRUST_PERM);
- AAFPermission temp=null;
- if(str!=null) {
- String[] sp = Split.splitTrim('|', str);
- switch(sp.length) {
- case 3:
- temp = new AAFPermission(null,sp[0],sp[1],sp[2]);
- break;
- case 4:
- temp = new AAFPermission(sp[0],sp[1],sp[2],sp[3]);
- break;
- }
- }
- perm=temp;
- }
+ /**
+ *
+ * Instance will be replaced by Identity
+ * @param lur
+ *
+ * @param tag
+ * @param perm
+ */
+ public AAFTrustChecker(final Env env) {
+ tag = env.getProperty(Config.CADI_USER_CHAIN_TAG, Config.CADI_USER_CHAIN);
+ id = env.getProperty(Config.CADI_ALIAS,env.getProperty(Config.AAF_APPID)); // share between components
+ String str = env.getProperty(Config.CADI_TRUST_PERM);
+ AAFPermission temp=null;
+ if (str!=null) {
+ String[] sp = Split.splitTrim('|', str);
+ switch(sp.length) {
+ case 3:
+ temp = new AAFPermission(null,sp[0],sp[1],sp[2]);
+ break;
+ case 4:
+ temp = new AAFPermission(sp[0],sp[1],sp[2],sp[3]);
+ break;
+ }
+ }
+ perm=temp;
+ }
- public AAFTrustChecker(final Access access) {
- tag = access.getProperty(Config.CADI_USER_CHAIN_TAG, Config.CADI_USER_CHAIN);
- id = access.getProperty(Config.CADI_ALIAS,access.getProperty(Config.AAF_APPID,null)); // share between components
- String str = access.getProperty(Config.CADI_TRUST_PERM,null);
- AAFPermission temp=null;
- if(str!=null) {
- String[] sp = Split.splitTrim('|', str);
- switch(sp.length) {
- case 3:
- temp = new AAFPermission(null,sp[0],sp[1],sp[2]);
- break;
- case 4:
- temp = new AAFPermission(sp[0],sp[1],sp[2],sp[3]);
- break;
- }
- }
- perm=temp;
- }
+ public AAFTrustChecker(final Access access) {
+ tag = access.getProperty(Config.CADI_USER_CHAIN_TAG, Config.CADI_USER_CHAIN);
+ id = access.getProperty(Config.CADI_ALIAS,access.getProperty(Config.AAF_APPID,null)); // share between components
+ String str = access.getProperty(Config.CADI_TRUST_PERM,null);
+ AAFPermission temp=null;
+ if (str!=null) {
+ String[] sp = Split.splitTrim('|', str);
+ switch(sp.length) {
+ case 3:
+ temp = new AAFPermission(null,sp[0],sp[1],sp[2]);
+ break;
+ case 4:
+ temp = new AAFPermission(sp[0],sp[1],sp[2],sp[3]);
+ break;
+ }
+ }
+ perm=temp;
+ }
- /* (non-Javadoc)
- * @see org.onap.aaf.cadi.TrustChecker#setLur(org.onap.aaf.cadi.Lur)
- */
- @Override
- public void setLur(Lur lur) {
- this.lur = lur;
- }
+ /* (non-Javadoc)
+ * @see org.onap.aaf.cadi.TrustChecker#setLur(org.onap.aaf.cadi.Lur)
+ */
+ @Override
+ public void setLur(Lur lur) {
+ this.lur = lur;
+ }
- @Override
- public TafResp mayTrust(TafResp tresp, HttpServletRequest req) {
- String user_info = req.getHeader(tag);
- if (user_info == null) {
- return tresp;
- }
+ @Override
+ public TafResp mayTrust(TafResp tresp, HttpServletRequest req) {
+ String user_info = req.getHeader(tag);
+ if (user_info == null) {
+ return tresp;
+ }
- String[] info = Split.split(',', user_info);
- String[] flds = Split.splitTrim(':', info[0]);
- if (flds.length < 4) {
- return tresp;
- }
- if (!("AS".equals(flds[3]))) { // is it set for "AS"
- return tresp;
- }
+ tresp.getAccess().log(Level.DEBUG, user_info);
- String principalName = tresp.getPrincipal().getName();
- if(principalName.equals(id) // We do trust our own App Components: if a trust entry is made with self, always accept
- || lur.fish(tresp.getPrincipal(), perm)) { // Have Perm set by Config.CADI_TRUST_PERM
- String desc = " " + flds[0] + " validated using " + flds[2] + " by " + flds[1] + ',';
- return new TrustTafResp(tresp, new TrustPrincipal(tresp.getPrincipal(), flds[0]), desc);
- } else if(principalName.equals(flds[0])) { // Ignore if same identity
- return tresp;
- } else {
- String desc = tresp.getPrincipal().getName() + " requested trust as " + flds[0] + ", but does not have Authorization";
- return new TrustNotTafResp(tresp, desc);
- }
- }
+ String[] info = Split.split(',', user_info);
+ String[] flds = Split.splitTrim(':', info[0]);
+ if (flds.length < 4) {
+ return tresp;
+ }
+ if (!("AS".equals(flds[3]))) { // is it set for "AS"
+ return tresp;
+ }
+
+ String principalName = tresp.getPrincipal().getName();
+ if (principalName.equals(id) // We do trust our own App Components: if a trust entry is made with self, always accept
+ || lur.fish(tresp.getPrincipal(), perm)) { // Have Perm set by Config.CADI_TRUST_PERM
+ String desc = " " + flds[0] + " validated using " + flds[2] + " by " + flds[1] + ',';
+ return new TrustTafResp(tresp, new TrustPrincipal(tresp.getPrincipal(), flds[0]), desc);
+ } else if (principalName.equals(flds[0])) { // Ignore if same identity
+ return tresp;
+ } else {
+ String desc = tresp.getPrincipal().getName() + " requested trust as " + flds[0] + ", but does not have Authorization";
+ return new TrustNotTafResp(tresp, desc);
+ }
+ }
 }
\ No newline at end of file
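Review bot: The added `tresp.getAccess().log(Level.DEBUG, user_info);` in mayTrust writes the raw value of the client-supplied header named by `tag` into the log with no label and before the field-count and "AS" checks, so the entry is hard to attribute and any control characters the container lets through reach the log verbatim. I would label the entry and neutralise control characters first, for example `tresp.getAccess().log(Level.DEBUG, "user chain header", tag, "=", user_info.replaceAll("\\p{Cntrl}", "?"));` (this assumes Access.log accepts several elements, which the hunk does not show). Separately, both constructors leave `perm` null when CADI_TRUST_PERM is unset or does not split into 3 or 4 fields, and mayTrust then passes that null to `lur.fish(...)` for any caller other than `id` that sends an "AS" entry. A `default:` branch that reports the malformed value, plus a `perm != null` guard before `lur.fish`, would make that misconfiguration visible instead of leaving the outcome to how Lur handles a null permission, which is not visible here.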