X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Faaf%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Folur%2FOLur.java;h=5b78585dfaf031edb8ef77583d9d1ae0d6e0f893;hb=1296352d8eafee57f982a4342ad79ada4aa56d28;hp=95dd9a39395b48d418ab9e7784a6f1becc07a243;hpb=32cdd553a8668e6d03a9cf5b11b360d35a63c87f;p=aaf%2Fauthz.git
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java
index 95dd9a39..5b78585d 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java
@@ -7,9 +7,9 @@
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -46,130 +46,132 @@ import org.onap.aaf.misc.env.util.Pool.Pooled; import org.onap.aaf.misc.env.util.Split; public class OLur extends AbsOTafLur implements Lur { - public OLur(PropAccess access, final String token_url, final String introspect_url) throws APIException, CadiException { - super(access, token_url, introspect_url); - } + public OLur(PropAccess access, final String token_url, final String introspect_url) throws APIException, CadiException { + super(access, token_url, introspect_url); + } + + /* (non-Javadoc) + * @see org.onap.aaf.cadi.Lur#fish(java.security.Principal, org.onap.aaf.cadi.Permission) + */ + @Override + public boolean fish(Principal bait, Permission ... pond) { + TokenPerm tp; + if (bait instanceof OAuth2Principal) { + OAuth2Principal oa2p = (OAuth2Principal)bait; + tp = oa2p.tokenPerm(); + } else { + tp=null; + } + if (tp==null) { + // if no Token Perm preset, get + try { + Pooled tcp = tokenClientPool.get(); + try { + TokenClient tc = tcp.content; + tc.username(bait.getName()); + Set scopeSet = new HashSet<>(); + scopeSet.add(tc.defaultScope()); + AAFPermission ap; + for (Permission p : pond) { + if (p instanceof AAFPermission) { + ap = (AAFPermission)p; + scopeSet.add(ap.getNS()); + } + } + String[] scopes = new String[scopeSet.size()]; + scopeSet.toArray(scopes); + + Result rtt = tc.getToken(Kind.getKind(bait),scopes); + if (rtt.isOK()) { + Result rtp = tkMgr.get(rtt.value.getAccessToken(), bait.getName().getBytes()); + if (rtp.isOK()) { + tp = rtp.value; + } + } + } finally { + tcp.done(); + } + } catch (APIException | LocatorException | CadiException e) { + access.log(e, "Unable to Get a Token"); + } + } - /* (non-Javadoc) - * @see org.onap.aaf.cadi.Lur#fish(java.security.Principal, org.onap.aaf.cadi.Permission) - */ - @Override - public boolean fish(Principal bait, Permission ... 
pond) { - TokenPerm tp; - if(bait instanceof OAuth2Principal) { - OAuth2Principal oa2p = (OAuth2Principal)bait; - tp = oa2p.tokenPerm(); - } else { - tp=null; - } - if(tp==null) { - // if no Token Perm preset, get - try { - Pooled tcp = tokenClientPool.get(); - try { - TokenClient tc = tcp.content; - tc.username(bait.getName()); - Set scopeSet = new HashSet<>(); - scopeSet.add(tc.defaultScope()); - AAFPermission ap; - for (Permission p : pond) { - ap = (AAFPermission)p; - scopeSet.add(ap.getNS()); - } - String[] scopes = new String[scopeSet.size()]; - scopeSet.toArray(scopes); - - Result rtt = tc.getToken(Kind.getKind(bait),scopes); - if(rtt.isOK()) { - Result rtp = tkMgr.get(rtt.value.getAccessToken(), bait.getName().getBytes()); - if(rtp.isOK()) { - tp = rtp.value; - } - } - } finally { - tcp.done(); - } - } catch (APIException | LocatorException | CadiException e) { - access.log(e, "Unable to Get a Token"); - } - } - - boolean rv = false; - if(tp!=null) { - if(tkMgr.access.willLog(Level.DEBUG)) { - StringBuilder sb = new StringBuilder("AAF Permissions for user "); - sb.append(bait.getName()); - sb.append(", from token "); - sb.append(tp.get().getAccessToken()); - for (AAFPermission p : tp.perms()) { - sb.append("\n\t["); - sb.append(p.getNS()); - sb.append(']'); - sb.append(p.getType()); - sb.append('|'); - sb.append(p.getInstance()); - sb.append('|'); - sb.append(p.getAction()); - } - sb.append('\n'); - access.log(Level.DEBUG, sb); - } - for (Permission p : pond) { - if(rv) { - break; - } - for (AAFPermission perm : tp.perms()) { - if (rv=perm.match(p)) { - break; - } - } - } - } - return rv; - } + boolean rv = false; + if (tp!=null) { + if (tkMgr.access.willLog(Level.DEBUG)) { + StringBuilder sb = new StringBuilder("AAF Permissions for user "); + sb.append(bait.getName()); + sb.append(", from token "); + sb.append(tp.get().getAccessToken()); + for (AAFPermission p : tp.perms()) { + sb.append("\n\t["); + sb.append(p.getNS()); + sb.append(']'); + 
sb.append(p.getType()); + sb.append('|'); + sb.append(p.getInstance()); + sb.append('|'); + sb.append(p.getAction()); + } + sb.append('\n'); + access.log(Level.DEBUG, sb); + } + for (Permission p : pond) { + if (rv) { + break; + } + for (AAFPermission perm : tp.perms()) { + if (rv=perm.match(p)) { + break; + } + } + } + } + return rv; + } - /* (non-Javadoc) - * @see org.onap.aaf.cadi.Lur#fishAll(java.security.Principal, java.util.List) - */ - @Override - public void fishAll(Principal bait, List permissions) { - if(bait instanceof OAuth2Principal) { - for (AAFPermission p : ((OAuth2Principal)bait).tokenPerm().perms()) { - permissions.add(p); - } - } - } + /* (non-Javadoc) + * @see org.onap.aaf.cadi.Lur#fishAll(java.security.Principal, java.util.List) + */ + @Override + public void fishAll(Principal bait, List permissions) { + if (bait instanceof OAuth2Principal) { + for (AAFPermission p : ((OAuth2Principal)bait).tokenPerm().perms()) { + permissions.add(p); + } + } + } - /* (non-Javadoc) - * @see org.onap.aaf.cadi.Lur#handlesExclusively(org.onap.aaf.cadi.Permission) - */ - @Override - public boolean handlesExclusively(Permission ... pond) { - return false; - } + /* (non-Javadoc) + * @see org.onap.aaf.cadi.Lur#handlesExclusively(org.onap.aaf.cadi.Permission) + */ + @Override + public boolean handlesExclusively(Permission ... 
pond) { + return false; + } - /* (non-Javadoc) - * @see org.onap.aaf.cadi.Lur#handles(java.security.Principal) - */ - @Override - public boolean handles(Principal principal) { - return principal instanceof OAuth2Principal; - } + /* (non-Javadoc) + * @see org.onap.aaf.cadi.Lur#handles(java.security.Principal) + */ + @Override + public boolean handles(Principal principal) { + return principal instanceof OAuth2Principal; + } - /* (non-Javadoc) - * @see org.onap.aaf.cadi.Lur#createPerm(java.lang.String) - */ - @Override - public Permission createPerm(final String p) { - String[] s = Split.split('|',p); - switch(s.length) { - case 3: - return new AAFPermission(null, s[0],s[1],s[2]); - case 4: - return new AAFPermission(s[0],s[1],s[2],s[3]); - default: - return new LocalPermission(p); - } - } + /* (non-Javadoc) + * @see org.onap.aaf.cadi.Lur#createPerm(java.lang.String) + */ + @Override + public Permission createPerm(final String p) { + String[] s = Split.split('|',p); + switch(s.length) { + case 3: + return new AAFPermission(null, s[0],s[1],s[2]); + case 4: + return new AAFPermission(s[0],s[1],s[2],s[3]); + default: + return new LocalPermission(p); + } + } }
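Review bot: The DEBUG branch of `fish` still appends `tp.get().getAccessToken()` to the log message, so enabling debug logging writes live bearer tokens next to the user name into whatever sink `access.log` feeds. I would drop the two appends `sb.append(", from token ");` and `sb.append(tp.get().getAccessToken());`, or log only a non-reversible reference to the token, and leave a comment such as `// never log the raw access token` at that spot. Separately, `fishAll` calls `((OAuth2Principal)bait).tokenPerm().perms()` without a null check, although `fish` in the same hunk treats a null `tokenPerm()` as an expected case, so an OAuth2Principal without a preset TokenPerm would presumably throw a NullPointerException there. `bait.getName().getBytes()` in `fish` also depends on the platform default charset; passing `StandardCharsets.UTF_8` would make the bytes handed to `tkMgr.get` stable across hosts, though that needs an import outside this hunk.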