X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Fcore%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Fconfig%2FConfig.java;h=8cb6ae0641b398b6977351e98ecf9f51a66d5d53;hb=047edb5a4312cc7dfb3172b7e11ab1a9e2315ba2;hp=dda4b6cd0241fed2eb3aded4b732b7319209400a;hpb=a20accc73189d8e5454cd26049c0e6fae75da16f;p=aaf%2Fauthz.git

diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index dda4b6cd..8cb6ae06 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -42,7 +42,9 @@ import org.onap.aaf.cadi.CachingLur;
 import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.cadi.Connector;
 import org.onap.aaf.cadi.CredVal;
+import org.onap.aaf.cadi.CredValDomain;
 import org.onap.aaf.cadi.Locator;
+import org.onap.aaf.cadi.LocatorException;
 import org.onap.aaf.cadi.Lur;
 import org.onap.aaf.cadi.PropAccess;
 import org.onap.aaf.cadi.Symm;
@@ -65,6 +67,13 @@ import org.onap.aaf.cadi.taf.dos.DenialOfServiceTaf;
  */
 public class Config {
 
+	private static final String AAF_V2_0 = "org.onap.aaf.cadi.aaf.v2_0";
+	private static final String AAF_V2_0_AAFCON = AAF_V2_0+".AAFCon";
+	private static final String AAF_V2_0_AAF_LUR_PERM = AAF_V2_0+".AAFLurPerm";
+	private static final String OAUTH = "org.onap.auth.oauth";
+	private static final String OAUTH_TOKEN_MGR = OAUTH+".TokenMgr";
+	private static final String OAUTH_HTTP_TAF = OAUTH+".OAuth2HttpTaf";
+	private static final String OAUTH_DIRECT_TAF = OAUTH+".OAuthDirectTAF";
 	public static final String UTF_8 = "UTF-8";
 
 	// Property Names associated with configurations.
@@ -73,6 +82,8 @@ public class Config {
 	public static final String HOSTNAME = "hostname";
 	public static final String CADI_PROP_FILES = "cadi_prop_files"; // Additional Properties files (separate with ;)
 	public static final String CADI_LOGLEVEL = "cadi_loglevel";
+	public static final String CADI_LOGDIR = "cadi_log_dir";
+	public static final String CADI_ETCDIR = "cadi_etc_dir";
 	public static final String CADI_LOGNAME = "cadi_logname";
 	public static final String CADI_KEYFILE = "cadi_keyfile";
 	public static final String CADI_KEYSTORE = "cadi_keystore";
@@ -82,6 +93,7 @@ public class Config {
 	public static final String CADI_LATITUDE = "cadi_latitude";
 	public static final String CADI_LONGITUDE = "cadi_longitude";
 
+
 	public static final String CADI_KEY_PASSWORD = "cadi_key_password";
 	public static final String CADI_TRUSTSTORE = "cadi_truststore";
 	public static final String CADI_TRUSTSTORE_PASSWORD = "cadi_truststore_password";
@@ -98,13 +110,6 @@ public class Config {
 	public static final String CADI_OAUTH2_URL="cadi_oauth2_url";
 	public static final String CADI_TOKEN_DIR = "cadi_token_dir";
 
-	public static final String CSP_DOMAIN = "csp_domain";
-	public static final String CSP_HOSTNAME = "csp_hostname";
-	public static final String CSP_DEVL_LOCALHOST = "csp_devl_localhost";
-	public static final String CSP_USER_HEADER = "CSP_USER";
-	public static final String CSP_SYSTEMS_CONF = "CSPSystems.conf";
-    public static final String CSP_SYSTEMS_CONF_FILE = "csp_systems_conf_file";
-    
     public static final String HTTPS_PROTOCOLS = "https.protocols";
     public static final String HTTPS_CIPHER_SUITES = "https.cipherSuites";
     public static final String HTTPS_CLIENT_PROTOCOLS="jdk.tls.client.protocols";
@@ -129,23 +134,40 @@ public class Config {
 	public static final String OAUTH_CLIENT_SECRET="client_secret";
 	
 	public static final String AAF_ENV = "aaf_env";
-	public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration
 	public static final String AAF_ROOT_NS = "aaf_root_ns";
+	public static final String AAF_ROOT_NS_DEF = "org.osaaf.aaf";
 	public static final String AAF_ROOT_COMPANY = "aaf_root_company";
 	public static final String AAF_LOCATE_URL = "aaf_locate_url"; //URL for AAF locator
 	private static final String AAF_LOCATE_URL_TAG = "AAF_LOCATE_URL"; // Name of Above for use in Config Variables.
+	public static final String AAF_DEFAULT_VERSION = "2.1";
+	public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration
+	public static final String AAF_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.service:" + AAF_DEFAULT_VERSION;
+	public static final String GUI_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.gui:" + AAF_DEFAULT_VERSION;
+	public static final String CM_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.cm:" + AAF_DEFAULT_VERSION;
+	public static final String FS_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.fs:" + AAF_DEFAULT_VERSION;
+	public static final String HELLO_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.hello:" + AAF_DEFAULT_VERSION;
+	public static final String OAUTH2_TOKEN_URL = "https://AAF_LOCATE_URL/AAF_NS.token:" + AAF_DEFAULT_VERSION;
+	public static final String OAUTH2_INTROSPECT_URL = "https://AAF_LOCATE_URL/AAF_NS.introspect:" + AAF_DEFAULT_VERSION;
+
+	public static final String AAF_REGISTER_AS = "aaf_register_as";
 	public static final String AAF_APPID = "aaf_id";
 	public static final String AAF_APPPASS = "aaf_password";
 	public static final String AAF_LUR_CLASS = "aaf_lur_class";
 	public static final String AAF_TAF_CLASS = "aaf_taf_class";
-	public static final String AAF_TAF_CLASS_DEF = "org.osaaf.cadi.aaf.v2_0.AAFTaf";
 	public static final String AAF_CONNECTOR_CLASS = "aaf_connector_class";
 	public static final String AAF_LOCATOR_CLASS = "aaf_locator_class";
 	public static final String AAF_CONN_TIMEOUT = "aaf_conn_timeout";
 	public static final String AAF_CONN_TIMEOUT_DEF = "3000";
 	public static final String AAF_CONN_IDLE_TIMEOUT = "aaf_conn_idle_timeout"; // only for Direct Jetty Access.
 	public static final String AAF_CONN_IDLE_TIMEOUT_DEF = "10000"; // only for Direct Jetty Access.
-	
+	 
+	// Default Classes: These are for Class loading to avoid direct compile links
+	public static final String AAF_TAF_CLASS_DEF = "org.onap.aaf.cadi.aaf.v2_0.AAFTaf";
+	public static final String AAF_LOCATOR_CLASS_DEF = "org.onap.aaf.cadi.aaf.v2_0.AAFLocator";
+	public static final String CADI_OLUR_CLASS_DEF = "org.onap.aaf.cadi.olur.OLur";
+	public static final String CADI_OBASIC_HTTP_TAF_DEF = "org.onap.aaf.cadi.obasic.OBasicHttpTaf";
+	public static final String CADI_AAF_CON_DEF = "org.onap.aaf.cadi.aaf.v2_0.AAFCon";
+
 	public static final String AAF_CALL_TIMEOUT = "aaf_timeout";
 	public static final String AAF_CALL_TIMEOUT_DEF = "5000";
 	public static final String AAF_USER_EXPIRES = "aaf_user_expires";
@@ -161,11 +183,8 @@ public class Config {
 	public static final String AAF_COMPONENT = "aaf_component";
 	public static final String AAF_CERT_IDS = "aaf_cert_ids";
 	public static final String AAF_DEBUG_IDS = "aaf_debug_ids"; // comma delimited
-	public static final String AAF_DEFAULT_VERSION = "2.0";
 	public static final String AAF_DATA_DIR = "aaf_data_dir"; // AAF processes and Components only.
 
-
-	
 	public static final String GW_URL = "gw_url";
 	public static final String CM_URL = "cm_url";
 	public static final String CM_TRUSTED_CAS = "cm_trusted_cas";
@@ -180,7 +199,7 @@ public class Config {
 	private static String defaultRealm="none";
 
 	public static final String AAF_DOMAIN_SUPPORT = "aaf_domain_support";
-	public static final String AAF_DOMAIN_SUPPORT_DEF = ".com";
+	public static final String AAF_DOMAIN_SUPPORT_DEF = ".com:.org";
 
 	// OAUTH2
 	public static final String AAF_OAUTH2_TOKEN_URL = "aaf_oauth2_token_url";
@@ -192,47 +211,40 @@ public class Config {
 	public static final String AAF_ALT_CLIENT_SECRET = "aaf_alt_oauth2_client_secret";
 	public static final String AAF_OAUTH2_HELLO_URL = "aaf_oauth2_hello_url";
 
-	
-	
-	public static void setDefaultRealm(Access access) throws CadiException {
+	private static final String AAF_V2_0_AAF_CON_HTTP = "org.onap.aaf.cadi.aaf.v2_0.AAFConHttp";
+
+
+	public static void setDefaultRealm(Access access) {
 		try {
-			boolean hasCSP;
-			try {
-				Class.forName("org.osaaf.cadi.taf.csp.CSPTaf");
-				hasCSP=true;
-			} catch(ClassNotFoundException e) {
-				hasCSP = logProp(access,Config.CSP_DOMAIN, null)!=null;
-			}
 			defaultRealm = logProp(access,Config.AAF_DEFAULT_REALM,
-					hasCSP?"csp.att.com":
-					logProp(access,Config.BASIC_REALM,
-						logProp(access,HOSTNAME,InetAddress.getLocalHost().getHostName())
-						)
-					);
+				logProp(access,Config.BASIC_REALM,
+					logProp(access,HOSTNAME,InetAddress.getLocalHost().getHostName())
+					)
+				);
 		} catch (UnknownHostException e) {
-			//defaultRealm="none";
+			access.log(Level.INIT, "Unable to determine Hostname",e);
 		}
 	}
 
-	public static HttpTaf configHttpTaf(Connector con, SecurityInfoC<HttpURLConnection> si, TrustChecker tc, CredVal up, Lur lur, Object ... additionalTafLurs) throws CadiException {
+	public static HttpTaf configHttpTaf(Connector con, SecurityInfoC<HttpURLConnection> si, TrustChecker tc, CredVal up, Lur lur, Object ... additionalTafLurs) throws CadiException, LocatorException {
 		Access access = si.access;
 		/////////////////////////////////////////////////////
 		// Setup AAFCon for any following
 		/////////////////////////////////////////////////////
-		Class<?> aafConClass = loadClass(access,"org.onap.aaf.cadi.aaf.v2_0.AAFCon");
+		Class<?> aafConClass = loadClass(access,CADI_AAF_CON_DEF);
 		Object aafcon = null;
 		if(con!=null && aafConClass!=null && aafConClass.isAssignableFrom(con.getClass())) {
 			aafcon = con;
 		} else if(lur != null) {
-			Field f = null;
+			Field f;
 			try {
 				f = lur.getClass().getField("aaf");
 				aafcon = f.get(lur);
-			} catch (Exception nsfe) {
+			} catch (Exception e) {
+				access.log(Level.INIT, e);
 			}
 		}
-	
-		
+
 		boolean hasDirectAAF = hasDirect("DirectAAFLur",additionalTafLurs);
 		// IMPORTANT!  Don't attempt to load AAF Connector if there is no AAF URL
 		String aafURL = access.getProperty(AAF_URL,null);
@@ -253,7 +265,7 @@ public class Config {
 		
 		access.log(Level.INIT, "Hostname set to",hostname);
 		// Get appropriate TAFs
-		ArrayList<HttpTaf> htlist = new ArrayList<HttpTaf>();
+		ArrayList<HttpTaf> htlist = new ArrayList<>();
 
 		/////////////////////////////////////////////////////
 		// Add a Denial of Service TAF
@@ -265,24 +277,23 @@ public class Config {
 		/////////////////////////////////////////////////////
 		// Configure Client Cert TAF
 		/////////////////////////////////////////////////////
-		
+		X509Taf x509TAF = null;
 		String truststore = logProp(access, CADI_TRUSTSTORE,null);
 		if(truststore!=null) {
-			String truststore_pwd = access.getProperty(CADI_TRUSTSTORE_PASSWORD,null);
-			if(truststore_pwd!=null) {
-				if(truststore_pwd.startsWith(Symm.ENC)) {
+			String truststorePwd = access.getProperty(CADI_TRUSTSTORE_PASSWORD,null);
+			if(truststorePwd!=null) {
+				if(truststorePwd.startsWith(Symm.ENC)) {
 					try {
-						truststore_pwd = access.decrypt(truststore_pwd,false);
+						access.decrypt(truststorePwd,false);
 					} catch (IOException e) {
 						throw new CadiException(CADI_TRUSTSTORE_PASSWORD + " cannot be decrypted",e);
 					}
 				}
 				try {
-					htlist.add(new X509Taf(access,lur));
+					x509TAF=new X509Taf(access,lur);
+					htlist.add(x509TAF);
 					access.log(Level.INIT,"Certificate Authorization enabled");
-				} catch (SecurityException e) {
-					access.log(Level.INIT,"AAFListedCertIdentity cannot be instantiated. Certificate Authorization is now disabled",e);
-				} catch (IllegalArgumentException e) {
+				} catch (SecurityException | IllegalArgumentException e) {
 					access.log(Level.INIT,"AAFListedCertIdentity cannot be instantiated. Certificate Authorization is now disabled",e);
 				} catch (CertificateException e) {
 					access.log(Level.INIT,"Certificate Authorization failed, it is disabled",e);
@@ -298,17 +309,17 @@ public class Config {
 		// Configure Basic Auth (local content)
 		/////////////////////////////////////////////////////
 		boolean hasOAuthDirectTAF = hasDirect("DirectOAuthTAF", additionalTafLurs);
-		String basic_realm = logProp(access, BASIC_REALM,null);
+		String basicRealm = logProp(access, BASIC_REALM,null);
 		String aafCleanup = logProp(access, AAF_USER_EXPIRES,AAF_USER_EXPIRES_DEF); // Default is 10 mins
 		long userExp = Long.parseLong(aafCleanup);
-		boolean basic_warn = "TRUE".equals(access.getProperty(BASIC_WARN,"FALSE"));
+		boolean basicWarn = "TRUE".equals(access.getProperty(BASIC_WARN,"FALSE"));
 
 		if(!hasDirectAAF) {
 			HttpTaf aaftaf=null;
 			if(!hasOAuthDirectTAF) {
-				if(basic_realm!=null) {
+				if(basicRealm!=null) {
 					@SuppressWarnings("unchecked")
-					Class<HttpTaf> obasicCls = (Class<HttpTaf>)loadClass(access,"org.osaaf.cadi.obasic.OBasicHttpTaf");
+					Class<HttpTaf> obasicCls = (Class<HttpTaf>)loadClass(access,CADI_OBASIC_HTTP_TAF_DEF);
 					if(obasicCls!=null) {
 						try {
 							String tokenurl = logProp(access,Config.AAF_OAUTH2_TOKEN_URL, null);
@@ -317,21 +328,32 @@ public class Config {
 								access.log(Level.INIT,"Both tokenurl and introspecturl are required. Oauth Authorization is disabled.");
 							}
 							Constructor<HttpTaf> obasicConst = obasicCls.getConstructor(PropAccess.class,String.class, String.class, String.class);
-							htlist.add(obasicConst.newInstance(access,basic_realm,tokenurl,introspecturl));
+							htlist.add(obasicConst.newInstance(access,basicRealm,tokenurl,introspecturl));
 							access.log(Level.INIT,"Oauth supported Basic Authorization is enabled");
 						} catch (NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
+							access.log(Level.INIT, e);
 						}
 					} else if(up!=null) {
-						access.log(Level.INIT,"Basic Authorization is enabled using realm",basic_realm);
+						access.log(Level.INIT,"Basic Authorization is enabled using realm",basicRealm);
 						// Allow warning about insecure channel to be turned off
-						if(!basic_warn)access.log(Level.INIT,"WARNING! The basic_warn property has been set to false.",
-								" There will be no additional warning if Basic Auth is used on an insecure channel"
-								);
-						htlist.add(new BasicHttpTaf(access, up, basic_realm, userExp, basic_warn));
+						if(!basicWarn) {
+							access.log(Level.INIT, "WARNING! The basicWarn property has been set to false.",
+								" There will be no additional warning if Basic Auth is used on an insecure channel");
+						}
+						BasicHttpTaf bht = new BasicHttpTaf(access, up, basicRealm, userExp, basicWarn);
+						for(Object o : additionalTafLurs) {
+							if(o instanceof CredValDomain) {
+								bht.add((CredValDomain)o);
+							}
+						}
+						if(x509TAF!=null) {
+							x509TAF.add(bht);
+						}
+						htlist.add(bht);
 						access.log(Level.INIT,"Basic Authorization is enabled");
 					}
 				} else {
-					access.log(Level.INIT,"Local Basic Authorization is disabled.  Enable by setting basic_realm=<appropriate realm, i.e. my.att.com>");
+					access.log(Level.INIT,"Local Basic Authorization is disabled.  Enable by setting basicRealm=<appropriate realm, i.e. my.att.com>");
 				}
 			
 				/////////////////////////////////////////////////////
@@ -347,23 +369,26 @@ public class Config {
 					if(AAF_TAF_CLASS_DEF.equals(aafTafClassName)) { 
 						try {
 							Class<?> aafTafClass = loadClass(access,aafTafClassName);
-		
-							Constructor<?> cstr = aafTafClass.getConstructor(Connector.class,boolean.class,AbsUserCache.class);
-							if(cstr!=null) {
-								if(lur instanceof AbsUserCache) {
-									aaftaf = (HttpTaf)cstr.newInstance(aafcon,basic_warn,lur);
-								} else {
-									cstr = aafTafClass.getConstructor(Connector.class,boolean.class);
-									if(cstr!=null) {
-										aaftaf = (HttpTaf)cstr.newInstance(aafcon,basic_warn);
+							if(aafTafClass!=null) {
+								Constructor<?> cstr = aafTafClass.getConstructor(Connector.class,boolean.class,AbsUserCache.class);
+								if(cstr!=null) {
+									if(lur instanceof AbsUserCache) {
+										aaftaf = (HttpTaf)cstr.newInstance(aafcon,basicWarn,lur);
+									} else {
+										cstr = aafTafClass.getConstructor(Connector.class,boolean.class);
+										if(cstr!=null) {
+											aaftaf = (HttpTaf)cstr.newInstance(aafcon,basicWarn);
+										}
+									}
+									if(aaftaf==null) {
+										access.log(Level.INIT,"ERROR! AAF TAF Failed construction.  NOT Configured");
+									} else {
+										access.log(Level.INIT,"AAF TAF Configured to ",aafURL);
+										// Note: will add later, after all others configured
 									}
 								}
-								if(aaftaf==null) {
-									access.log(Level.INIT,"ERROR! AAF TAF Failed construction.  NOT Configured");
-								} else {
-									access.log(Level.INIT,"AAF TAF Configured to ",aafURL);
-									// Note: will add later, after all others configured
-								}
+							} else {
+								access.log(Level.INIT, "There is no AAF TAF class available: %s. AAF TAF not configured.",aafTafClassName);
 							}
 						} catch(Exception e) {
 							access.log(Level.INIT,"ERROR! AAF TAF Failed construction.  NOT Configured",e);
@@ -376,25 +401,32 @@ public class Config {
 			// Configure OAuth TAF
 			/////////////////////////////////////////////////////
 			if(!hasOAuthDirectTAF) {
-				String oauth_token_url = logProp(access,Config.AAF_OAUTH2_TOKEN_URL,null);
-				if(additionalTafLurs!=null && additionalTafLurs.length>0 && additionalTafLurs[0].getClass().getName().equals("org.osaaf.authz.oauth.OAuthDirectTAF")) {
+				String oauthTokenUrl = logProp(access,Config.AAF_OAUTH2_TOKEN_URL,null);
+				Class<?> oadtClss;
+				try {
+					oadtClss = Class.forName(OAUTH_DIRECT_TAF);
+				} catch (ClassNotFoundException e1) {
+					oadtClss = null;
+					access.log(Level.INIT, e1);
+				}
+				if(additionalTafLurs!=null && additionalTafLurs.length>0 && (oadtClss!=null && additionalTafLurs[0].getClass().isAssignableFrom(oadtClss))) {
 					htlist.add((HttpTaf)additionalTafLurs[0]);
-					String array[] = new String[additionalTafLurs.length-1];
+					String[] array= new String[additionalTafLurs.length-1];
 					if(array.length>0) {
 						System.arraycopy(htlist, 1, array, 0, array.length);
 					}
 					additionalTafLurs = array;
 					access.log(Level.INIT,"OAuth2 Direct is enabled");
-				} else if(oauth_token_url!=null) {
-					String oauth_introspect_url = logProp(access,Config.AAF_OAUTH2_INTROSPECT_URL,null);
+				} else if(oauthTokenUrl!=null) {
+					String oauthIntrospectUrl = logProp(access,Config.AAF_OAUTH2_INTROSPECT_URL,null);
 					@SuppressWarnings("unchecked")
-					Class<HttpTaf> oaTCls = (Class<HttpTaf>)loadClass(access,"org.osaaf.cadi.oauth.OAuth2HttpTaf");
+					Class<HttpTaf> oaTCls = (Class<HttpTaf>)loadClass(access,OAUTH_HTTP_TAF);
 					if(oaTCls!=null) {
-						Class<?> oaTTmgrCls = loadClass(access, "org.osaaf.cadi.oauth.TokenMgr");
+						Class<?> oaTTmgrCls = loadClass(access, OAUTH_TOKEN_MGR);
 						if(oaTTmgrCls!=null) {
 							try {
 								Method oaTTmgrGI = oaTTmgrCls.getMethod("getInstance",PropAccess.class,String.class,String.class);
-								Object oaTTmgr = oaTTmgrGI.invoke(null /*this is static method*/,access,oauth_token_url,oauth_introspect_url);
+								Object oaTTmgr = oaTTmgrGI.invoke(null /*this is static method*/,access,oauthTokenUrl,oauthIntrospectUrl);
 								Constructor<HttpTaf> oaTConst = oaTCls.getConstructor(Access.class,oaTTmgrCls);
 								htlist.add(oaTConst.newInstance(access,oaTTmgr));
 								access.log(Level.INIT,"OAuth2 TAF is enabled");
@@ -422,16 +454,43 @@ public class Config {
 		/////////////////////////////////////////////////////
 		if(additionalTafLurs!=null) {
 			for(Object additional : additionalTafLurs) {
-				if(additional instanceof HttpTaf) {
-					htlist.add((HttpTaf)additional);
+				if(additional instanceof BasicHttpTaf) {
+					BasicHttpTaf ht = (BasicHttpTaf)additional;
+					for(Object cv : additionalTafLurs) {
+						if(cv instanceof CredValDomain) {
+							ht.add((CredValDomain)cv);
+							access.printf(Level.INIT,"%s Authentication is enabled",cv);
+						}
+					}
+					htlist.add(ht);
+				} else if(additional instanceof HttpTaf) {
+					HttpTaf ht = (HttpTaf)additional;
+					htlist.add(ht);
 					access.printf(Level.INIT,"%s Authentication is enabled",additional.getClass().getSimpleName());
-				} else if(hasOAuthDirectTAF && additional.getClass().getSimpleName().equals("DirectAAFUserPass")) {
-					htlist.add(new BasicHttpTaf(access, (CredVal)additional , basic_realm, userExp, basic_warn));
-					access.printf(Level.INIT,"Direct BasicAuth Authentication is enabled",additional.getClass().getSimpleName());
+				} else if(hasOAuthDirectTAF) {
+					Class<?> daupCls;
+					try {
+						daupCls = Class.forName("org.onap.aaf.auth.direct.DirectAAFUserPass");
+					} catch (ClassNotFoundException e) {
+						daupCls = null;
+						access.log(Level.INIT, e);
+					}
+					if(daupCls != null && additional.getClass().isAssignableFrom(daupCls)) {
+						htlist.add(new BasicHttpTaf(access, (CredVal)additional , basicRealm, userExp, basicWarn));
+						access.printf(Level.INIT,"Direct BasicAuth Authentication is enabled",additional.getClass().getSimpleName());
+					}
 				}
 			}
 		}
 		
+		// Add BasicAuth, if any, to x509Taf
+		if(x509TAF!=null) {
+			for( HttpTaf ht : htlist) {
+				if(ht instanceof BasicHttpTaf) {
+					x509TAF.add((BasicHttpTaf)ht);
+				}
+			}
+		}
 		/////////////////////////////////////////////////////
 		// Create EpiTaf from configured TAFs
 		/////////////////////////////////////////////////////
@@ -456,7 +515,7 @@ public class Config {
 	public static String logProp(Access access,String tag, String def) {
 		String rv = access.getProperty(tag, def);
 		if(rv == null) {
-			access.log(Level.INIT,tag,"is not set");
+			access.log(Level.INIT,tag,"is not explicitly set");
 		} else {
 			access.log(Level.INIT,tag,"is set to",rv);
 		}
@@ -465,7 +524,7 @@ public class Config {
 	
 	public static Lur configLur(SecurityInfoC<HttpURLConnection> si, Connector con, Object ... additionalTafLurs) throws CadiException {
 		Access access = si.access;
-		List<Lur> lurs = new ArrayList<Lur>();
+		List<Lur> lurs = new ArrayList<>();
 		
 		/////////////////////////////////////////////////////
 		// Configure a Local Property Based RBAC/LUR
@@ -475,13 +534,15 @@ public class Config {
 			String groups = access.getProperty(GROUPS,null);
 
 			if(groups!=null || users!=null) {
-				LocalLur ll;
-				lurs.add(ll = new LocalLur(access, users, groups)); // note b64==null is ok.. just means no encryption.
+				LocalLur ll = new LocalLur(access, users, groups);  // note b64==null is ok.. just means no encryption.
+				lurs.add(ll);
 				
 				String writeto = access.getProperty(WRITE_TO,null);
 				if(writeto!=null) {
 					String msg = UsersDump.updateUsers(writeto, ll);
-					if(msg!=null) access.log(Level.INIT,"ERROR! Error Updating ",writeto,"with roles and users:",msg);
+					if(msg!=null) {
+						access.log(Level.INIT,"ERROR! Error Updating ",writeto,"with roles and users:",msg);
+					}
 				}
 			}
 		} catch (IOException e) {
@@ -491,21 +552,25 @@ public class Config {
 		/////////////////////////////////////////////////////
 		// Configure the OAuth Lur (if any)
 		/////////////////////////////////////////////////////
-		String token_url = logProp(access,AAF_OAUTH2_TOKEN_URL, null);
-		String introspect_url = logProp(access,AAF_OAUTH2_INTROSPECT_URL, null);
-		if(token_url!=null && introspect_url !=null) {
+		String tokenUrl = logProp(access,AAF_OAUTH2_TOKEN_URL, null);
+		String introspectUrl = logProp(access,AAF_OAUTH2_INTROSPECT_URL, null);
+		if(tokenUrl!=null && introspectUrl !=null) {
 			try {
-				Class<?> olurCls = loadClass(access, "org.osaaf.cadi.olur.OLur");
+				Class<?> olurCls = loadClass(access, CADI_OLUR_CLASS_DEF);
 				if(olurCls!=null) {
 					Constructor<?> olurCnst = olurCls.getConstructor(PropAccess.class,String.class,String.class);
-					Lur olur = (Lur)olurCnst.newInstance(access,token_url,introspect_url);
+					Lur olur = (Lur)olurCnst.newInstance(access,tokenUrl,introspectUrl);
 					lurs.add(olur);
 					access.log(Level.INIT, "OAuth2 LUR enabled");
 				} else {
 					access.log(Level.INIT,"AAF/OAuth LUR plugin is not available.");
 				}
 			} catch (NoSuchMethodException| SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
-				access.log(e,"AAF/OAuth LUR could not be constructed with given Constructors.");
+				String msg = e.getMessage();
+				if(msg==null && e.getCause()!=null) {
+					msg = e.getCause().getMessage();
+				}
+				access.log(Level.INIT,"AAF/OAuth LUR is not instantiated.",msg,e);
 			} 
 		} else {
 			access.log(Level.INIT, "OAuth2 Lur disabled");
@@ -518,16 +583,16 @@ public class Config {
 			// Configure the AAF Lur (if any)
 			/////////////////////////////////////////////////////
 			String aafURL = logProp(access,AAF_URL,null); // Trigger Property
-			String aaf_env = access.getProperty(AAF_ENV,null);
-			if(aaf_env == null && aafURL!=null && access instanceof PropAccess) { // set AAF_ENV from AAF_URL
+			String aafEnv = access.getProperty(AAF_ENV,null);
+			if(aafEnv == null && aafURL!=null && access instanceof PropAccess) { // set AAF_ENV from AAF_URL
 				int ec = aafURL.indexOf("envContext=");
 				if(ec>0) {
 					ec += 11; // length of envContext=
 					int slash = aafURL.indexOf('/', ec);
 					if(slash>0) {
-						aaf_env = aafURL.substring(ec, slash);
-						((PropAccess)access).setProperty(AAF_ENV, aaf_env);
-						access.printf(Level.INIT, "Setting aaf_env to %s from aaf_url value",aaf_env);
+						aafEnv = aafURL.substring(ec, slash);
+						((PropAccess)access).setProperty(AAF_ENV, aafEnv);
+						access.printf(Level.INIT, "Setting aafEnv to %s from aaf_url value",aafEnv);
 					}
 				}
 			}
@@ -537,26 +602,28 @@ public class Config {
 				if(aafURL==null) {
 					access.log(Level.INIT,"No AAF LUR properties, AAF will not be loaded");
 				} else {// There's an AAF_URL... try to configure an AAF
-					String aafLurClassStr = logProp(access,AAF_LUR_CLASS,"org.osaaf.cadi.aaf.v2_0.AAFLurPerm");
+					String aafLurClassStr = logProp(access,AAF_LUR_CLASS,AAF_V2_0_AAF_LUR_PERM);
 					////////////AAF Lur 2.0 /////////////
-					if(aafLurClassStr.startsWith("org.osaaf.cadi.aaf.v2_0")) { 
+					if(aafLurClassStr!=null && aafLurClassStr.startsWith(AAF_V2_0)) { 
 						try {
 							Object aafcon = loadAAFConnector(si, aafURL);
 							if(aafcon==null) {
 								access.log(Level.INIT,"AAF LUR class,",aafLurClassStr,"cannot be constructed without valid AAFCon object.");
 							} else {
-								Class<?> aafAbsAAFCon = loadClass(access, "org.osaaf.cadi.aaf.v2_0.AAFCon");
-								Method mNewLur = aafAbsAAFCon.getMethod("newLur");
-								Object aaflur = mNewLur.invoke(aafcon);
-			
-								if(aaflur==null) {
-									access.log(Level.INIT,"ERROR! AAF LUR Failed construction.  NOT Configured");
-								} else {
-									access.log(Level.INIT,"AAF LUR Configured to ",aafURL);
-									lurs.add((Lur)aaflur);
-									String debugIDs = logProp(access,Config.AAF_DEBUG_IDS, null);
-									if(debugIDs !=null && aaflur instanceof CachingLur) {
-										((CachingLur<?>)aaflur).setDebug(debugIDs);
+								Class<?> aafAbsAAFCon = loadClass(access, AAF_V2_0_AAFCON);
+								if(aafAbsAAFCon!=null) {
+									Method mNewLur = aafAbsAAFCon.getMethod("newLur");
+									Object aaflur = mNewLur.invoke(aafcon);
+				
+									if(aaflur==null) {
+										access.log(Level.INIT,"ERROR! AAF LUR Failed construction.  NOT Configured");
+									} else {
+										access.log(Level.INIT,"AAF LUR Configured to ",aafURL);
+										lurs.add((Lur)aaflur);
+										String debugIDs = logProp(access,Config.AAF_DEBUG_IDS, null);
+										if(debugIDs !=null && aaflur instanceof CachingLur) {
+											((CachingLur<?>)aaflur).setDebug(debugIDs);
+										}
 									}
 								}
 							}
@@ -609,53 +676,53 @@ public class Config {
 		return false;
 	}
 
-	private static final String COM_ATT_CADI_AAF_V2_0_AAF_CON_HTTP = "org.osaaf.cadi.aaf.v2_0.AAFConHttp";
 	public static Object loadAAFConnector(SecurityInfoC<HttpURLConnection> si, String aafURL) {
 		Access access = si.access;
 		Object aafcon = null;
 		Class<?> aafConClass = null;
 
 		try {
-			if(aafURL!=null) {
-				String aafConnector = access.getProperty(AAF_CONNECTOR_CLASS, COM_ATT_CADI_AAF_V2_0_AAF_CON_HTTP);
-			if(COM_ATT_CADI_AAF_V2_0_AAF_CON_HTTP.equals(aafConnector)) {
-					aafConClass = loadClass(access, COM_ATT_CADI_AAF_V2_0_AAF_CON_HTTP);
-					for(Constructor<?> c : aafConClass.getConstructors()) {
-						List<Object> lo = new ArrayList<Object>();
-						for(Class<?> pc : c.getParameterTypes()) {
-							if(pc.equals(PropAccess.class)) {
-								lo.add(access);
-							} else if(pc.equals(Locator.class)) {
-								lo.add(loadLocator(si, aafURL));
+			if (aafURL!=null) {
+				String aafConnector = access.getProperty(AAF_CONNECTOR_CLASS, AAF_V2_0_AAF_CON_HTTP);
+				if (AAF_V2_0_AAF_CON_HTTP.equals(aafConnector)) {
+					aafConClass = loadClass(access, AAF_V2_0_AAF_CON_HTTP);
+					if (aafConClass != null) {
+						for (Constructor<?> c : aafConClass.getConstructors()) {
+							List<Object> lo = new ArrayList<>();
+							for (Class<?> pc : c.getParameterTypes()) {
+								if (pc.equals(Access.class)) {
+									lo.add(access);
+								} else if (pc.equals(Locator.class)) {
+									lo.add(loadLocator(si, aafURL));
+								}
+							}
+							if (c.getParameterTypes().length != lo.size()) {
+								continue; // back to another Constructor
 							} else {
-								continue;
+								aafcon = c.newInstance(lo.toArray());
 							}
+							break;
 						}
-						if(c.getParameterTypes().length!=lo.size()) {
-							continue; // back to another Constructor
-						} else {
-							aafcon = c.newInstance(lo.toArray());
-						}
-						break;
 					}
 				}
-				if(aafcon!=null) {
-					String mechid = logProp(access,Config.AAF_APPID, null);
+				if (aafcon != null) {
+					String mechid = logProp(access, Config.AAF_APPID, null);
 					String pass = access.getProperty(Config.AAF_APPPASS, null);
-					if(mechid!=null && pass!=null) {
+					if (mechid != null && pass != null) {
 						try {
 							Method basicAuth = aafConClass.getMethod("basicAuth", String.class, String.class);
-							basicAuth.invoke(aafcon, mechid,pass);
+							basicAuth.invoke(aafcon, mechid, pass);
 						} catch (NoSuchMethodException nsme) {
+							access.log(Level.NONE, nsme);
 							// it's ok, don't use
 						}
 					}
 				}
 			}
 		} catch (Exception e) {
-			access.log(e,"AAF Connector could not be constructed with given Constructors.");
+			access.log(e, "AAF Connector could not be constructed with given Constructors.");
 		}
-		
+
 		return aafcon;
 	}
 
@@ -664,31 +731,38 @@ public class Config {
 		try {
 			cls = access.classLoader().loadClass(className);
 		} catch (ClassNotFoundException cnfe) {
+			access.log(Level.NONE, cnfe);
 			try {
 				cls = access.getClass().getClassLoader().loadClass(className);
 			} catch (ClassNotFoundException cnfe2) {
+				access.log(Level.NONE, cnfe2);
 				// just return null
 			}
 		}
 		return cls;
 	}
 
-
 	@SuppressWarnings("unchecked")
-	public static Locator<URI> loadLocator(SecurityInfoC<HttpURLConnection> si, final String _url) {
+	public static Locator<URI> loadLocator(SecurityInfoC<HttpURLConnection> si, final String _url) throws LocatorException {
 		Access access = si.access;
-		String url = _url, replacement;
-		int idxAAF_LOCATE_URL;
-		if((idxAAF_LOCATE_URL=_url.indexOf(AAF_LOCATE_URL_TAG))>0 && ((replacement=access.getProperty(AAF_LOCATE_URL, null))!=null)) {
-			url = replacement + "/locate" + _url.substring(idxAAF_LOCATE_URL+AAF_LOCATE_URL_TAG.length());
-		}
-
 		Locator<URI> locator = null;
-		if(url==null) {
+		if(_url==null) {
 			access.log(Level.INIT,"No URL passed to 'loadLocator'. Disabled");
 		} else {
+			String url = _url;
+			String replacement;
+			int idxAAFLocateUrl;
+			if((idxAAFLocateUrl=_url.indexOf(AAF_LOCATE_URL_TAG))>0 && ((replacement=access.getProperty(AAF_LOCATE_URL, null))!=null)) {
+				StringBuilder sb = new StringBuilder(replacement);
+				if(!replacement.endsWith("/locate")) {
+					sb.append("/locate");
+				} 
+				sb.append(_url,idxAAFLocateUrl+AAF_LOCATE_URL_TAG.length(),_url.length());
+				url = sb.toString();
+			}
+	
 			try {
-				Class<?> lcls = loadClass(access,"org.onap.aaf.cadi.aaf.v2_0.AAFLocator");
+				Class<?> lcls = loadClass(access,AAF_LOCATOR_CLASS_DEF);
 				if(lcls==null) {
 					throw new CadiException("Need to include aaf-cadi-aaf jar for AAFLocator");
 				}
@@ -697,11 +771,11 @@ public class Config {
 					Method meth = lcls.getMethod("create",String.class);
 					locator = (Locator<URI>)meth.invoke(null,url);
 				} catch (Exception e) {
-					locator = null;
+					access.log(Level.INIT, e);
 				}
 				if(locator==null) {
 					URI locatorURI = new URI(url);
-					Constructor<?> cnst = lcls.getConstructor(new Class[] {SecurityInfoC.class,URI.class});
+					Constructor<?> cnst = lcls.getConstructor(SecurityInfoC.class,URI.class);
 					locator = (Locator<URI>)cnst.newInstance(new Object[] {si,locatorURI});
 					int port = locatorURI.getPort();
 					String portS = port<0?"":(":"+locatorURI.getPort());
@@ -711,6 +785,9 @@ public class Config {
 					access.log(Level.INFO, "AAFLocator enabled using preloaded " + locator.getClass().getSimpleName());
 				}
 			} catch (InvocationTargetException e) {
+				if(e.getTargetException() instanceof LocatorException) {
+					throw (LocatorException)e.getTargetException();
+				}
 				access.log(Level.INIT,e.getTargetException().getMessage(),"AAFLocator for",url,"could not be created.",e);
 			} catch (Exception e) {
 				access.log(Level.INIT,"AAFLocator for",url,"could not be created.",e);