X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=shiro%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Fshiro%2FAAFRealm.java;h=091c22b678b4f33c98abefda85fdaa669a35a27d;hb=01deccbf0cc5c1cadc2d5d25e76ccb3dde676cea;hp=3577c13025e5ad1c328d4d52de242f739c328190;hpb=355cda9893529070169e4814158924d1d14094f8;p=aaf%2Fcadi.git
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
index 3577c13..091c22b 100644
--- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
+++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
@@ -21,11 +21,17 @@ package org.onap.aaf.cadi.shiro;
 import java.io.IOException;
+import java.io.PrintStream;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.TreeMap;
+import org.apache.log4j.Logger;
+import org.apache.log4j.PropertyConfigurator;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
@@ -45,8 +51,10 @@ import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.filter.MapBathConverter;
 import org.onap.aaf.cadi.util.CSV;
 import org.onap.aaf.misc.env.APIException;
-
 public class AAFRealm extends AuthorizingRealm {
+
+ final static Logger logger = Logger.getLogger(AAFRealm.class);
+
 public static final String AAF_REALM = "AAFRealm";
 private PropAccess access;
@@ -55,6 +63,7 @@ public class AAFRealm extends AuthorizingRealm {
 private HashSet> supports;
 private AAFLurPerm authz;
 private MapBathConverter mbc;
+ private Map idMap;
 /**
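Review bot: The new `logger` field is package-private and written `final static`; it is only referenced inside this class (including the anonymous PrintStream in `createLoggingProxy`), so `private static final Logger logger = Logger.getLogger(AAFRealm.class);` keeps it out of the package's API and matches the modifier order used for the `AAF_REALM` constant below it. The `org.apache.log4j.Logger`/`PropertyConfigurator` imports in the first hunk show this is the log4j 1.x API, which is end-of-life and no longer receives security fixes; a short comment at the declaration noting the intended migration target would help whoever maintains this realm.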
@@ -65,12 +74,22 @@ public class AAFRealm extends AuthorizingRealm {
 public AAFRealm () {
 access = new PropAccess(); // pick up cadi_prop_files from VM_Args
 mbc = null;
+ idMap = null;
 String cadi_prop_files = access.getProperty(Config.CADI_PROP_FILES);
 if(cadi_prop_files==null) {
 String msg = Config.CADI_PROP_FILES + " in VM Args is required to initialize AAFRealm.";
 access.log(Level.INIT,msg);
 throw new RuntimeException(msg);
 } else {
+ try {
+ String log4jConfigFile = "./etc/org.ops4j.pax.logging.cfg";
+ PropertyConfigurator.configure(log4jConfigFile);
+ System.setOut(createLoggingProxy(System.out));
+ System.setErr(createLoggingProxy(System.err));
+ } catch(Exception e) {
+ e.printStackTrace();
+ }
+ //System.out.println("Configuration done");
 try {
 acon = AAFCon.newInstance(access);
 authn = acon.newAuthn();
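Review bot: `System.setOut(createLoggingProxy(System.out));` and the `setErr` line below it wrap whatever stream is current at the time, so if the container ever constructs `AAFRealm` more than once each construction wraps the previous proxy and every stdout/stderr line is logged once per wrap; guard the redirect with a static "already installed" flag or move it out of the constructor. The log4j path `./etc/org.ops4j.pax.logging.cfg` is resolved against the process working directory and the whole setup sits under `catch(Exception e) { e.printStackTrace(); }`, so a missing or unreadable file leaves logging unconfigured with only a stack trace on stderr; `logger.error("log4j configuration failed for " + log4jConfigFile, e);` plus a comment stating the expected location would give an operator something to act on. From this point on everything any library prints to stdout/stderr becomes an INFO record in the application log, which is a data-handling change (stack traces carrying request data now persist in log files) worth a comment at the redirect. `PropertyConfigurator` is log4j 1.x, which is end-of-life and no longer receives security fixes. The constructor body continues past this hunk.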
@@ -80,28 +99,59 @@ public class AAFRealm extends AuthorizingRealm {
 if(csv!=null) {
 try {
 mbc = new MapBathConverter(access, new CSV(csv));
- access.printf(Level.INIT, "MapBathConversion enabled with file %s\n",csv);
+ logger.info("MapBathConversion enabled with file "+csv);
+ idMap = new TreeMap();
+ // Load
+ for(Entry es : mbc.map().entrySet()) {
+ String oldID = es.getKey();
+ if(oldID.startsWith("Basic ")) {
+ oldID = Symm.base64noSplit.decode(oldID.substring(6));
+ int idx = oldID.indexOf(':');
+ if(idx>=0) {
+ oldID = oldID.substring(0, idx);
+ }
+ }
+ String newID = es.getValue();
+ if(newID.startsWith("Basic ")) {
+ newID = Symm.base64noSplit.decode(newID.substring(6));
+ int idx = newID.indexOf(':');
+ if(idx>=0) {
+ newID = newID.substring(0, idx);
+ }
+ }
+ idMap.put(oldID,newID);
+ }
 } catch (IOException e) {
- access.log(e);
+ logger.error(e.getMessage(), e);
 }
 }
 } catch (APIException | CadiException | LocatorException e) {
 String msg = "Cannot initiate AAFRealm";
- access.log(Level.INIT,msg,e.getMessage());
+ logger.info(msg + " "+ e.getMessage(), e);
 throw new RuntimeException(msg,e);
 }
 }
 supports = new HashSet>();
 supports.add(UsernamePasswordToken.class);
 }
+ public static PrintStream createLoggingProxy(final PrintStream realPrintStream) {
+ return new PrintStream(realPrintStream) {
+ public void print(final String string) {
+ realPrintStream.print(string);
+ logger.info(string);
+ }
+ };
+ }
 @Override
 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
- access.log(Level.DEBUG, "AAFRealm.doGetAuthenticationInfo",token);
+ logger.debug("AAFRealm.doGetAuthenticationInfo :"+token);
 final UsernamePasswordToken upt = (UsernamePasswordToken)token;
- String user = upt.getUsername();
- String password=new String(upt.getPassword());
+ final String user = upt.getUsername();
+ String authUser = user;
+ final String password=new String(upt.getPassword());
+ String authPassword = password;
 if(mbc!=null) {
 try {
 final String oldBath = "Basic " + Symm.base64noSplit.encode(user+':'+password);
@@ -110,24 +160,24 @@ public class AAFRealm extends AuthorizingRealm {
 bath = Symm.base64noSplit.decode(bath.substring(6));
 int colon = bath.indexOf(':');
 if(colon>=0) {
- user = bath.substring(0, colon);
- password = bath.substring(colon+1);
+ authUser = bath.substring(0, colon);
+ authPassword = bath.substring(colon+1);
 }
 }
 } catch (IOException e) {
- access.log(e);
+ logger.error(e.getMessage(), e);
 }
 }
 String err;
 try {
- err = authn.validate(user,password);
+ err = authn.validate(authUser,authPassword);
 } catch (IOException e) {
 err = "Credential cannot be validated";
- access.log(e, err);
+ logger.error(err, e);
 }
 if(err != null) {
- access.log(Level.DEBUG, err);
+ logger.debug(err);
 throw new AuthenticationException(err);
 }
@@ -152,10 +202,22 @@ public class AAFRealm extends AuthorizingRealm {
 @Override
 protected AAFAuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
- access.log(Level.DEBUG, "AAFRealm.doGetAuthenthorizationInfo");
+ logger.debug("AAFRealm.doGetAuthenthorizationInfo");
 Principal bait = (Principal)principals.getPrimaryPrincipal();
+ Principal newBait = bait;
+ if(idMap!=null) {
+ final String newID = idMap.get(bait.getName());
+ if(newID!=null) {
+ newBait = new Principal() {
+ @Override
+ public String getName() {
+ return newID;
+ }
+ };
+ }
+ }
 List pond = new ArrayList<>();
- authz.fishAll(bait,pond);
+ authz.fishAll(newBait,pond);
 return new AAFAuthorizationInfo(access,bait,pond);
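Review bot: The `catch (APIException | CadiException | LocatorException e)` branch logs a fatal initialisation failure with `logger.info(msg + " "+ e.getMessage(), e);` immediately before rethrowing; it replaces a `Level.INIT` record and should be `logger.error(msg, e);` so it is not filtered out at the usual INFO/WARN thresholds (the exception already carries its message). `createLoggingProxy` overrides only `print(String)`, so output that reaches the real stream through `printf`/`format` or the `write` methods is not mirrored to the logger, and the wrapper writes the same text to both the real stream and the log; its Javadoc should state that it mirrors only text routed through `print(String)`, and it does not need to be `public`. The new `idMap` loop decodes the `Basic` entries of the MapBathConverter CSV into a plain identity-to-identity map that `doGetAuthorizationInfo` later uses to pick the principal whose permissions are fished, which appears to make that file security-critical (whoever can edit it can attach one identity's permissions to another's login); a comment at `idMap = new TreeMap();` should say so and that the file must be protected like a credential store. `doGetAuthenticationInfo` begins here and continues past the hunk.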
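Review bot: When the `Basic` translation applies, `err = authn.validate(authUser,authPassword);` checks the mapped identity's credential while the method keeps the caller-supplied `user` (the rest of the body runs past this hunk, so which identity ends up in the returned `AuthenticationInfo` is not visible here); a comment at the `validate` call should state which identity is authenticated and which is returned, since `doGetAuthorizationInfo` re-maps again via `idMap`. The `catch (IOException e)` above `String err;` logs a decode failure and then falls through to validate with the untranslated `authUser`/`authPassword`; if a broken mapping should be a hard failure rather than a silent fallback to the presented credential, rethrow as `throw new AuthenticationException("Credential mapping failed", e);` there. `authPassword` and the `password` String it copies are immutable heap copies of the secret that cannot be cleared; keeping the `char[]` from `upt.getPassword()` and zeroing it after `validate` would limit their lifetime, if `authn.validate` can accept one.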