X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Faaf%2Fsrc%2Ftest%2Fjava%2Forg%2Fonap%2Faaf%2Fclient%2Fsample%2FSample.java;h=5e715b222065202683d2176699c3d823d1fdf4b9;hb=6dd9704640eb8cc8d6b4ccd266e40a3f6f589e75;hp=8881e76e0e575e3eca5e3759471c5dd1133a4252;hpb=4b5a7d721d994a49057e9bfb403c7bff1b376660;p=aaf%2Fauthz.git
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java b/cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java
index 8881e76e..5e715b22 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -44,7 +44,7 @@ public class Sample { final private AAFConHttp aafcon; final private AAFLurPerm aafLur; final private AAFAuthn aafAuthn; - + /** * This method is to emphasize the importance of not creating the AAFObjects over and over again. * @return 
@@ -58,25 +58,25 @@ public class Sample { aafLur = aafcon.newLur(); aafAuthn = aafcon.newAuthn(aafLur); } - + /** * Checking credentials outside of HTTP/S presents fewer options initially. There is not, for instance, - * the option of using 2-way TLS HTTP/S. - * - * However, Password Checks are still useful, and, if the Client Certificate could be obtained in other ways, the + * the option of using 2-way TLS HTTP/S. + * + * However, Password Checks are still useful, and, if the Client Certificate could be obtained in other ways, the * Interface can be expanded in the future to include Certificates. - * @throws CadiException - * @throws IOException + * @throws CadiException + * @throws IOException */ public Principal checkUserPass(String fqi, String pass) throws IOException, CadiException { String ok = aafAuthn.validate(fqi, pass); - if(ok==null) { + if (ok==null) { System.out.println("Success!"); /* UnAuthPrincipal means that it is not coming from the official Authorization chain. This is useful for Security Plugins which don't use Principal as the tie between Authentication and Authorization - + You can also use this if you want to check Authorization without actually Authenticating, as may be the case with certain Onboarding Tooling. */ 
@@ -85,86 +85,86 @@ public class Sample { System.out.printf("Failure: %s\n",ok); return null; } - + } /** * An example of looking for One Permission within all the permissions user has. CADI does cache these, * so the call is not expensive. - * - * Note: If you are using "J2EE" (Servlets), CADI ties this function to the method: + * + * Note: If you are using "J2EE" (Servlets), CADI ties this function to the method: * HttpServletRequest.isUserInRole(String user) - * + * * The J2EE user can expect that his servlet will NOT be called without a Validated Principal, and that * "isUserInRole()" will validate if the user has the Permission designated. - * + * */ public boolean oneAuthorization(Principal fqi, Permission p) { return aafLur.fish(fqi, p); } - + public List allAuthorization(Principal fqi) { List pond = new ArrayList<>(); aafLur.fishAll(fqi, pond); return pond; } - - + + public static void main(String[] args) { // Note: you can pick up Properties from Command line as well as VM Properties // Code "user_fqi=... user_pass=..." (where user_pass can be encrypted) in the command line for this sample. // Also code "perm=||" to test a specific Permission - PropAccess myAccess = new PropAccess(args); + PropAccess myAccess = new PropAccess(args); try { /* * NOTE: Do NOT CREATE new aafcon, aafLur and aafAuthn each transaction. They are built to be * reused! - * + * * This is why this code demonstrates "Sample" as a singleton. 
*/ singleton = new Sample(myAccess); String user = myAccess.getProperty("user_fqi"); String pass= myAccess.getProperty("user_pass"); - - if(user==null || pass==null) { + + if (user==null || pass==null) { System.err.println("This Sample class requires properties user_fqi and user_pass"); } else { pass = myAccess.decrypt(pass, false); // Note, with "false", decryption will only happen if starts with "enc:" // See the CODE for Java Methods used Principal fqi = Sample.singleton().checkUserPass(user,pass); - - if(fqi==null) { + + if (fqi==null) { System.out.println("OK, normally, you would cease processing for an " + "unauthenticated user, but for the purpose of Sample, we'll keep going.\n"); fqi=new UnAuthPrincipal(user); } - + // AGAIN, NOTE: If your client fails Authentication, the right behavior 99.9% // of the time is to drop the transaction. We continue for sample only. - + // note, default String for perm String permS = myAccess.getProperty("perm","org.osaaf.aaf.access|*|read"); String[] permA = Split.splitTrim('|', permS); - if(permA.length>2) { + if (permA.length>2) { final Permission perm = new AAFPermission(null, permA[0],permA[1],permA[2]); // See the CODE for Java Methods used - if(singleton().oneAuthorization(fqi, perm)) { + if (singleton().oneAuthorization(fqi, perm)) { System.out.printf("Success: %s has %s\n",fqi.getName(),permS); } else { System.out.printf("%s does NOT have %s\n",fqi.getName(),permS); } } - - + + // Another form, you can get ALL permissions in a list // See the CODE for Java Methods used List permL = singleton().allAuthorization(fqi); - if(permL.size()==0) { + if (permL.size()==0) { System.out.printf("User %s has no Permissions THAT THE CALLER CAN SEE\n",fqi.getName()); } else { System.out.print("Success:\n"); - for(Permission p : permL) { + for (Permission p : permL) { System.out.printf("\t%s has %s\n",fqi.getName(),p.getKey()); } }