import org.onap.aaf.auth.dao.cass.CacheInfoDAO;
import org.onap.aaf.auth.dao.cass.CertDAO;
import org.onap.aaf.auth.dao.cass.CredDAO;
+import org.onap.aaf.auth.dao.cass.CredDAO.Data;
import org.onap.aaf.auth.dao.cass.DelegateDAO;
import org.onap.aaf.auth.dao.cass.FutureDAO;
import org.onap.aaf.auth.dao.cass.HistoryDAO;
import org.onap.aaf.auth.dao.cass.RoleDAO;
import org.onap.aaf.auth.dao.cass.Status;
import org.onap.aaf.auth.dao.cass.UserRoleDAO;
-import org.onap.aaf.auth.dao.cass.CredDAO.Data;
import org.onap.aaf.auth.env.AuthzTrans;
-import org.onap.aaf.auth.env.AuthzTransFilter;
import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE;
+import org.onap.aaf.auth.env.AuthzTransFilter;
import org.onap.aaf.auth.layer.Result;
import org.onap.aaf.auth.org.Organization;
import org.onap.aaf.cadi.Hash;
checkLessThanDays(trans,7,now,cdd);
return Result.ok(cdd.expires);
} else if (debug!=null) {
- load(debug, cdd,dbcred);
+ load(debug, cdd);
}
break;
case CredDAO.BASIC_AUTH_SHA256:
checkLessThanDays(trans,7,now,cdd);
return Result.ok(cdd.expires);
} else if (debug!=null) {
- load(debug, cdd, dbcred);
+ load(debug, cdd);
}
break;
default:
}
} // end for each
if(debug==null) {
- debug=new StringBuilder();
+ trans.audit().printf("No cred matches ip=%s, user=%s\n",trans.ip(),user);
} else {
- debug.append(", ");
+ trans.audit().printf("No cred matches ip=%s, user=%s %s\n",trans.ip(),user,debug.toString());
}
-
- debug.append("cred=");
- debug.append(new String(cred));
- trans.audit().printf("No cred matches ip=%s, user=%s, %s\n",trans.ip(),user,trans.encryptor().encrypt(debug.toString()));
if(expired!=null) {
// Note: this is only returned if there are no good Credentials
rv = Result.err(Status.ERR_Security,
}
- private void load(StringBuilder debug, Data cdd, byte[] dbcred) {
+ private void load(StringBuilder debug, Data cdd) {
debug.append("DB Entry: user=");
debug.append(cdd.id);
debug.append(",type=");
debug.append(cdd.type);
- debug.append(",cred=");
- debug.append(Hash.toHex(dbcred));
debug.append(",expires=");
debug.append(Chrono.dateTime(cdd.expires));
debug.append('\n');
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-core</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-aaf</artifactId>
- <version>${project.version}</version>
</dependency>
</dependencies>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<nexusUrl>${nexusproxy}</nexusUrl>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
- <version>${jacoco.version}</version>
<configuration>
<excludes>
<exclude>**/gen/**</exclude>
private final static String PERM_DB_POOL_CLEAR=Define.ROOT_NS()+".db|pool|clear";
private final static String PERM_DENY_IP = Define.ROOT_NS()+".deny|" + Define.ROOT_COMPANY() + "|ip";
private final static String PERM_DENY_ID = Define.ROOT_NS()+".deny|" + Define.ROOT_COMPANY() + "|id";
- private final static String PERM_LOG_ID = Define.ROOT_NS()+".deny|" + Define.ROOT_COMPANY() + "|id";
+ private final static String PERM_LOG_ID = Define.ROOT_NS()+".log|" + Define.ROOT_COMPANY() + "|id";
/**
* Normal Init level APIs
}
Miss miss = missMap.get(mkey);
if(miss==null) {
- missMap.put(mkey, new Miss(bs,clean==null?MIN_INTERVAL:clean.timeInterval));
+ missMap.put(mkey, new Miss(bs,clean==null?MIN_INTERVAL:clean.timeInterval,key));
return true;
}
return miss.mayContinue();
keys.addAll(missMap.keySet());
for(String key : keys) {
Miss m = missMap.get(key);
- if(m!=null && m.timestamp<System.currentTimeMillis()) {
- synchronized(missMap) {
- missMap.remove(key);
+ if(m!=null) {
+ long timeLeft = m.timestamp - System.currentTimeMillis();
+ if(timeLeft<0) {
+ synchronized(missMap) {
+ missMap.remove(key);
+ }
+ access.log(Level.INFO, m.name, " has been removed from Missed Credential Map (" + m.tries + " invalid tries)");
+ ++miss;
+ } else {
+ access.log(Level.INFO, m.name, " remains in Missed Credential Map (" + m.tries + " invalid tries) for " + (timeLeft/1000) + " more seconds");
}
- access.log(Level.INFO, key, "has been removed from Missed Credential Map (" + m.tries + " invalid tries)");
- ++miss;
}
}
}
private long timetolive;
private long tries;
+
+ private final String name;
- public Miss(byte[] first, long timeInterval) {
+ public Miss(final byte[] first, final long timeInterval, final String name) {
timestamp = System.currentTimeMillis() + timeInterval;
this.timetolive = timeInterval;
tries = 0L;
+ this.name = name;
}
}
return true;
}
+
}
/**
public static final String AAF_APPPASS = "aaf_password";
public static final String AAF_LUR_CLASS = "aaf_lur_class";
public static final String AAF_TAF_CLASS = "aaf_taf_class";
- public static final String AAF_TAF_CLASS_DEF = "org.osaaf.cadi.aaf.v2_0.AAFTaf";
+ public static final String AAF_TAF_CLASS_DEF = "org.onap.aaf.cadi.aaf.v2_0.AAFTaf";
public static final String AAF_CONNECTOR_CLASS = "aaf_connector_class";
public static final String AAF_LOCATOR_CLASS = "aaf_locator_class";
public static final String AAF_CONN_TIMEOUT = "aaf_conn_timeout";
@Override
public String personalName() {
- return null; // personalName not available with Basic Auth
+ return name; // personalName not available with Basic Auth
}
}
assertTrue(Math.abs(bp.created() - created) < 10);
assertThat(bp.toString(), is(expected));
assertThat(bp.tag(), is("BAth"));
- assertThat(bp.personalName(), is(nullValue()));
+ assertThat(bp.personalName(), is(bp.getName()));
// This test hits the abstract class BearerPrincipal
assertThat(bp.getBearer(), is(bearer));