X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Fcore%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Flur%2FLocalLur.java;fp=cadi%2Fcore%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Flur%2FLocalLur.java;h=0f9adb94d6cdc2c4e1d797f1f831daaae37905b4;hb=40a9c869994113c1d0701d205829c60837fe3e8b;hp=c1a27fa77c5a6ef5c94a018f3ef8ff43e74e0198;hpb=3a4fad5b7ea6fa2eead2e53e17ed2d0fa476715d;p=aaf%2Fauthz.git diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java index c1a27fa7..0f9adb94 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -38,10 +38,9 @@ import org.onap.aaf.cadi.User; import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.config.Config; - /** * An in-memory Lur that can be configured locally with User info via properties, similar to Tomcat-users.xml mechanisms. - * + * * @author Jonathan * */ 
@@ -50,120 +49,69 @@ public final class LocalLur extends AbsUserCache implements Lur public static final String COLON = "\\s*:\\s*"; public static final String COMMA = "\\s*,\\s*"; public static final String PERCENT = "\\s*%\\s*"; - + // Use to quickly determine whether any given group is supported by this LUR private final Set supportingGroups; - private String supportedRealm; - + private String supportedRealm; + /** * Construct by building structure, see "build" - * + * * Reconstruct with "build" - * - * @param userProperty - * @param groupProperty + * + * @param userProperties + * @param groupProperties * @param decryptor * @throws IOException */ - public LocalLur(Access access, String userProperty, String groupProperty) throws IOException { + public LocalLur(Access access, String userProperties, String groupProperties) throws IOException { super(access, 0, 0, Integer.MAX_VALUE); // data doesn't expire supportedRealm = access.getProperty(Config.BASIC_REALM, "localized"); - supportingGroups = new TreeSet(); - - if(userProperty!=null) { - // For each User name... 
- for(String user : userProperty.trim().split(SEMI)) { - String[] us = user.split(COLON,2); - String[] userpass = us[0].split(PERCENT,2); - String u; - User usr; - if(userpass.length>1) { - if(userpass.length>0 && userpass[0].indexOf('@')<0) { - userpass[0]=userpass[0] + '@' + access.getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm()); - } - - u = userpass[0]; - byte[] pass = access.decrypt(userpass[1], true).getBytes(); - usr = new User(new ConfigPrincipal(u, pass)); - } else { - u = us[0]; - usr = new User(new ConfigPrincipal(u, (byte[])null)); - } - addUser(usr); - access.log(Level.INIT, "Local User:",usr.principal); - - if(us.length>1) { - Map newMap = usr.newMap(); - for(String group : us[1].split(COMMA)) { - supportingGroups.add(group); - usr.add(newMap,new LocalPermission(group)); - } - usr.setMap(newMap); - } - } + supportingGroups = new TreeSet<>(); + + if (userProperties != null) { + parseUserProperties(userProperties); } - if(groupProperty!=null) { - // For each Group name... 
- for(String group : groupProperty.trim().split(SEMI)) { - String[] gs = group.split(COLON,2); - if(gs.length>1) { - supportingGroups.add(gs[0]); - LocalPermission p = new LocalPermission(gs[0]); - // Add all users (known by comma separators) - - for(String grpMem : gs[1].split(COMMA)) { - // look for password, if so, put in passMap - String[] userpass = grpMem.split(PERCENT,2); - if(userpass.length>0 && userpass[0].indexOf('@')<0) { - userpass[0]=userpass[0] + '@' + access.getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm()); - } - User usr = null; - if(userpass.length>1) { - byte[] pass = access.decrypt(userpass[1], true).getBytes(); - usr = getUser(userpass[0],pass); - if(usr==null)addUser(usr=new User(new ConfigPrincipal(userpass[0],pass))); - else usr.principal=new ConfigPrincipal(userpass[0],pass); - } else { - addUser(usr=new User(new ConfigPrincipal(userpass[0],(byte[])null))); - } - usr.add(p); - access.log(Level.INIT, "Local User:",usr.principal); - } - } - } + + if (groupProperties != null) { + parseGroupProperties(groupProperties); } } - + public boolean validate(String user, CredVal.Type type, byte[] cred, Object state) { - User usr = getUser(user,cred); - switch(type) { - case PASSWORD: - // covers null as well as bad pass - if(usr!=null && cred!=null && usr.principal instanceof ConfigPrincipal) { - return Hash.isEqual(cred,((ConfigPrincipal)usr.principal).getCred()); - } - break; + if (cred == null) { + return false; + } + User usr = getUser(user, cred); + if (usr == null) { + return false; + } + // covers null as well as bad pass + if ((type == Type.PASSWORD) && (usr.principal instanceof ConfigPrincipal)) {; + return Hash.isEqual(cred, ((ConfigPrincipal)usr.principal).getCred()); } return false; } // @Override public boolean fish(Principal bait, Permission pond) { - if(pond == null) { + if (pond == null) { return false; } - if(handles(bait) && pond instanceof LocalPermission) { // local Users only have LocalPermissions - User user = 
getUser(bait); - return user==null?false:user.contains((LocalPermission)pond); + if (handles(bait) && pond instanceof LocalPermission) { // local Users only have LocalPermissions + User user = getUser(bait); + if (user != null) { + return user.contains((LocalPermission)pond); } + } return false; } // We do not want to expose the actual Group, so make a copy. public void fishAll(Principal bait, List perms) { - if(handles(bait)) { + if (handles(bait)) { User user = getUser(bait); - if(user!=null) { + if (user != null) { user.copyPermsTo(perms); } } @@ -174,13 +122,12 @@ public final class LocalLur extends AbsUserCache implements Lur */ @Override public boolean handles(Principal principal) { - return principal!=null && principal.getName().endsWith(supportedRealm); + if (principal == null) { + return false; + } + return principal.getName().endsWith(supportedRealm); } -// public boolean supports(String userName) { -// return userName!=null && userName.endsWith(supportedRealm); -// } -// public boolean handlesExclusively(Permission pond) { return supportingGroups.contains(pond.getKey()); } 
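Review bot: In the rewritten `validate`, the line `if ((type == Type.PASSWORD) && (usr.principal instanceof ConfigPrincipal)) {;` carries a stray `;` after the opening brace, which compiles as an empty statement and should be dropped, and the comment `// covers null as well as bad pass` above it now describes the two guard clauses that precede it rather than the comparison it sits on; rewording it to `// only password credentials can be checked against a locally configured user` keeps it accurate. The switch on `CredVal.Type` was replaced by `type == Type.PASSWORD`, which presumably relies on an import of `CredVal.Type` outside the hunk — worth confirming, since the visible import hunk does not add one. The credential comparison is still `Hash.isEqual(cred, ...)`; I cannot see that helper, so if it is not a constant-time comparison, `MessageDigest.isEqual` is the standard-library choice for comparing secrets. A caller passing a non-PASSWORD type still gets a silent `false`, matching the old switch, but a short comment saying so would help.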
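Review bot: `handles` still accepts any principal whose name merely ends with `supportedRealm` (default `"localized"`) with no separator, so a name such as `bob@notlocalized` would also be claimed by this LUR; if realms are meant to match whole, `return principal.getName().endsWith("@" + supportedRealm);` (or comparing the substring after the last `@`) is tighter. The users added in the constructor get `@` plus `Config.AAF_DEFAULT_REALM` appended, whereas `handles` tests against `Config.BASIC_REALM`; I cannot tell from here whether those two properties are guaranteed to agree, so a one-line comment on `supportedRealm` explaining the relationship would help the next reader. The added null guard is fine as written.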
@@ -192,5 +139,74 @@ public final class LocalLur extends AbsUserCache implements Lur public Permission createPerm(String p) { return new LocalPermission(p); } + + private void parseUserProperties(String userProperties) throws IOException { + // For each User name... + for (String userProperty : userProperties.trim().split(SEMI)) { + String[] userInfo = userProperty.split(COLON, 2); + String[] userPass = userInfo[0].split(PERCENT, 2); + String userName = userPass[0]; + + byte[] password = null; + if (userPass.length > 1) { + password = access.decrypt(userPass[1], true).getBytes(); + if (userName.indexOf('@') < 0) { + userName += '@' + access.getProperty(Config.AAF_DEFAULT_REALM, Config.getDefaultRealm()); + } + } + User usr; + usr = new User<>(new ConfigPrincipal(userName, password)); + addUser(usr); + access.log(Level.INIT, "Local User:", usr.principal); + + if (userInfo.length > 1) { + Map newMap = usr.newMap(); + for (String group : userInfo[1].split(COMMA)) { + supportingGroups.add(group); + usr.add(newMap, new LocalPermission(group)); + } + usr.setMap(newMap); + } + } + } + + + private void parseGroupProperties(String groupProperties) throws IOException { + // For each Group name... 
+ for (String group : groupProperties.trim().split(SEMI)) { + String[] groups = group.split(COLON, 2); + if (groups.length <= 1) { + continue; + } + supportingGroups.add(groups[0]); + LocalPermission p = new LocalPermission(groups[0]); + + // Add all users (known by comma separators) + for (String groupMember : groups[1].split(COMMA)) { + // look for password, if so, put in passMap + String[] userPass = groupMember.split(PERCENT, 2); + String userName = userPass[0]; + if (userName.indexOf('@') < 0) { + userName += '@' + access.getProperty(Config.AAF_DEFAULT_REALM, Config.getDefaultRealm()); + } + + User usr = null; + byte[] password = null; + if (userPass.length > 1) { + password = access.decrypt(userPass[1], true).getBytes(); + } + usr = getUser(userName, password); + if (usr == null) { + usr = new User<>(new ConfigPrincipal(userName, password)); + addUser(usr); + } + else { + usr.principal = new ConfigPrincipal(userName, password); + } + usr.add(p); + access.log(Level.INIT, "Local User:", usr.principal); + } + } + } }
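Review bot: In `parseGroupProperties`, when a member already exists in the cache the new code unconditionally does `usr.principal = new ConfigPrincipal(userName, password);`, so a member listed without a `%password` replaces a principal that may carry the password configured in the user properties with one whose credential is `null`, silently disabling password validation for that user; the old code only reached this assignment in the `userpass.length>1` branch and otherwise added a fresh `User`, so whether this is a regression or a long-standing quirk depends on what `getUser(userName, null)` and `addUser` do in `AbsUserCache`, outside the hunk. Guarding the overwrite with `} else if (password != null) {` keeps a configured credential unless the group entry explicitly supplies one. Two smaller points: `parseUserProperties` appends `@` plus the default realm only when a password is present while `parseGroupProperties` appends it always, which mirrors the old code but deserves a comment if intentional; and `access.decrypt(...).getBytes()` uses the platform default charset, so `getBytes(StandardCharsets.UTF_8)` (import needed outside the hunk) would make the stored credential bytes deterministic across JVMs.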