X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Faaf%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Folur%2FOLur.java;h=b85e311d14ec946b2649e3f00786fb4ac224d517;hb=7e966914050e66219689001ff4ab601a49eef0ac;hp=74d88fc26cb0408cecb7cdf680bed7b7589675bd;hpb=a20accc73189d8e5454cd26049c0e6fae75da16f;p=aaf%2Fauthz.git diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java index 74d88fc2..b85e311d 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java @@ -22,16 +22,19 @@ package org.onap.aaf.cadi.olur; import java.security.Principal; +import java.util.HashSet; import java.util.List; +import java.util.Set; +import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.Lur; import org.onap.aaf.cadi.Permission; import org.onap.aaf.cadi.PropAccess; -import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.aaf.AAFPermission; import org.onap.aaf.cadi.client.Result; +import org.onap.aaf.cadi.lur.LocalPermission; import org.onap.aaf.cadi.oauth.AbsOTafLur; import org.onap.aaf.cadi.oauth.OAuth2Principal; import org.onap.aaf.cadi.oauth.TimedToken; 
@@ -39,112 +42,136 @@ import org.onap.aaf.cadi.oauth.TokenClient; import org.onap.aaf.cadi.oauth.TokenPerm; import org.onap.aaf.cadi.principal.Kind; import org.onap.aaf.misc.env.APIException; -import org.onap.aaf.misc.env.util.Split; import org.onap.aaf.misc.env.util.Pool.Pooled; +import org.onap.aaf.misc.env.util.Split; public class OLur extends AbsOTafLur implements Lur { - public OLur(PropAccess access, final String token_url, final String introspect_url) throws APIException, CadiException { - super(access, token_url, introspect_url); - } + public OLur(PropAccess access, final String token_url, final String introspect_url) throws APIException, CadiException { + super(access, token_url, introspect_url); + } - /* (non-Javadoc) - * @see org.onap.aaf.cadi.Lur#fish(java.security.Principal, org.onap.aaf.cadi.Permission) - */ - @Override - public boolean fish(Principal bait, Permission pond) { - TokenPerm tp; - if(bait instanceof OAuth2Principal) { - OAuth2Principal oa2p = (OAuth2Principal)bait; - tp = oa2p.tokenPerm(); - } else { - tp=null; - } - if(tp==null) { - // if no Token Perm preset, get - try { - Pooled tcp = tokenClientPool.get(); - try { - TokenClient tc = tcp.content; - tc.username(bait.getName()); - Result rtt = tc.getToken(Kind.getKind(bait),tc.defaultScope()); - if(rtt.isOK()) { - Result rtp = tkMgr.get(rtt.value.getAccessToken(), bait.getName().getBytes()); - if(rtp.isOK()) { - tp = rtp.value; - } - } - } finally { - tcp.done(); - } - } catch (APIException | LocatorException | CadiException e) { - access.log(Level.ERROR, "Unable to Get a Token: " + e.getMessage()); - } - } - if(tp!=null) { - if(tkMgr.access.willLog(Level.DEBUG)) { - StringBuilder sb = new StringBuilder("AAF Permissions for user "); - sb.append(bait.getName()); - sb.append(", from token "); - sb.append(tp.get().getAccessToken()); - for (AAFPermission p : tp.perms()) { - sb.append("\n\t"); - sb.append(p.getName()); - sb.append('|'); - sb.append(p.getInstance()); - sb.append('|'); - 
sb.append(p.getAction()); - } - sb.append('\n'); - access.log(Level.DEBUG, sb); - } - for (AAFPermission p : tp.perms()) { - if (p.match(pond)) { - return true; - } - } - } - return false; - } + /* (non-Javadoc) + * @see org.onap.aaf.cadi.Lur#fish(java.security.Principal, org.onap.aaf.cadi.Permission) + */ + @Override + public boolean fish(Principal bait, Permission ... pond) { + TokenPerm tp; + if (bait instanceof OAuth2Principal) { + OAuth2Principal oa2p = (OAuth2Principal)bait; + tp = oa2p.tokenPerm(); + } else { + tp=null; + } + if (tp==null) { + // if no Token Perm preset, get + try { + Pooled tcp = tokenClientPool.get(); + try { + TokenClient tc = tcp.content; + tc.username(bait.getName()); + Set scopeSet = new HashSet<>(); + scopeSet.add(tc.defaultScope()); + AAFPermission ap; + for (Permission p : pond) { + if (p instanceof AAFPermission) { + ap = (AAFPermission)p; + scopeSet.add(ap.getNS()); + } + } + String[] scopes = new String[scopeSet.size()]; + scopeSet.toArray(scopes); + + Result rtt = tc.getToken(Kind.getKind(bait),scopes); + if (rtt.isOK()) { + Result rtp = tkMgr.get(rtt.value.getAccessToken(), bait.getName().getBytes()); + if (rtp.isOK()) { + tp = rtp.value; + } + } + } finally { + tcp.done(); + } + } catch (APIException | LocatorException | CadiException e) { + access.log(e, "Unable to Get a Token"); + } + } + + boolean rv = false; + if (tp!=null) { + if (tkMgr.access.willLog(Level.DEBUG)) { + StringBuilder sb = new StringBuilder("AAF Permissions for user "); + sb.append(bait.getName()); + sb.append(", from token "); + sb.append(tp.get().getAccessToken()); + for (AAFPermission p : tp.perms()) { + sb.append("\n\t["); + sb.append(p.getNS()); + sb.append(']'); + sb.append(p.getType()); + sb.append('|'); + sb.append(p.getInstance()); + sb.append('|'); + sb.append(p.getAction()); + } + sb.append('\n'); + access.log(Level.DEBUG, sb); + } + for (Permission p : pond) { + if (rv) { + break; + } + for (AAFPermission perm : tp.perms()) { + if 
(rv=perm.match(p)) { + break; + } + } + } + } + return rv; + } - /* (non-Javadoc) - * @see org.onap.aaf.cadi.Lur#fishAll(java.security.Principal, java.util.List) - */ - @Override - public void fishAll(Principal bait, List permissions) { - if(bait instanceof OAuth2Principal) { - for (AAFPermission p : ((OAuth2Principal)bait).tokenPerm().perms()) { - permissions.add(p); - } - } - } + /* (non-Javadoc) + * @see org.onap.aaf.cadi.Lur#fishAll(java.security.Principal, java.util.List) + */ + @Override + public void fishAll(Principal bait, List permissions) { + if (bait instanceof OAuth2Principal) { + for (AAFPermission p : ((OAuth2Principal)bait).tokenPerm().perms()) { + permissions.add(p); + } + } + } - /* (non-Javadoc) - * @see org.onap.aaf.cadi.Lur#handlesExclusively(org.onap.aaf.cadi.Permission) - */ - @Override - public boolean handlesExclusively(Permission pond) { - return false; - } + /* (non-Javadoc) + * @see org.onap.aaf.cadi.Lur#handlesExclusively(org.onap.aaf.cadi.Permission) + */ + @Override + public boolean handlesExclusively(Permission ... 
pond) { + return false; + } - /* (non-Javadoc) - * @see org.onap.aaf.cadi.Lur#handles(java.security.Principal) - */ - @Override - public boolean handles(Principal principal) { - return principal instanceof OAuth2Principal; - } + /* (non-Javadoc) + * @see org.onap.aaf.cadi.Lur#handles(java.security.Principal) + */ + @Override + public boolean handles(Principal principal) { + return principal instanceof OAuth2Principal; + } - /* (non-Javadoc) - * @see org.onap.aaf.cadi.Lur#createPerm(java.lang.String) - */ - @Override - public Permission createPerm(final String p) { - String[] s = Split.split('|',p); - if(s!=null && s.length==3) { - return new AAFPermission(s[0],s[1],s[2]); - } else { - return null; - } - } + /* (non-Javadoc) + * @see org.onap.aaf.cadi.Lur#createPerm(java.lang.String) + */ + @Override + public Permission createPerm(final String p) { + String[] s = Split.split('|',p); + switch(s.length) { + case 3: + return new AAFPermission(null, s[0],s[1],s[2]); + case 4: + return new AAFPermission(s[0],s[1],s[2],s[3]); + default: + return new LocalPermission(p); + } + } }
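Review bot: `createPerm` drops the `s!=null` guard the old version had — `switch(s.length)` now dereferences the result of `Split.split('|',p)` unconditionally, so if that helper can return null (the removed check suggests the original author thought it could) a malformed permission string turns into an NPE instead of an unmatched permission; keep the guard ahead of the switch, `if (s==null) { return new LocalPermission(p); }` (or `return null` if callers still expect that). Related: the 3-field branch builds `new AAFPermission(null, s[0],s[1],s[2])`, and `fish` then does `scopeSet.add(ap.getNS())` with no null check, so a null scope element can reach `tc.getToken(...)` — filter it with `if (ap.getNS()!=null)` before adding. Separately, the DEBUG branch of `fish` still writes the full bearer token via `sb.append(tp.get().getAccessToken())`, which puts a live credential in plaintext logs; log a truncated or hashed form, or drop it. Also note that `fish` now tolerates a null `oa2p.tokenPerm()` but `fishAll` still calls `.tokenPerm().perms()` unguarded, and `bait.getName().getBytes()` should specify `StandardCharsets.UTF_8` rather than the platform default.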