2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.auth.direct;
24 import static org.onap.aaf.auth.layer.Result.OK;
26 import java.security.Principal;
27 import java.util.List;
29 import org.onap.aaf.auth.dao.cass.NsSplit;
30 import org.onap.aaf.auth.dao.cass.PermDAO;
31 import org.onap.aaf.auth.dao.cass.Status;
32 import org.onap.aaf.auth.dao.cass.PermDAO.Data;
33 import org.onap.aaf.auth.dao.hl.Question;
34 import org.onap.aaf.auth.env.AuthzEnv;
35 import org.onap.aaf.auth.env.AuthzTrans;
36 import org.onap.aaf.auth.env.NullTrans;
37 import org.onap.aaf.auth.layer.Result;
38 import org.onap.aaf.cadi.Lur;
39 import org.onap.aaf.cadi.Permission;
40 import org.onap.aaf.cadi.Access.Level;
41 import org.onap.aaf.cadi.lur.LocalPermission;
42 import org.onap.aaf.misc.env.util.Split;
44 public class DirectAAFLur implements Lur {
45 private final AuthzEnv env;
46 private final Question question;
/**
 * Lur implementation that answers permission queries through the AAF
 * Question/DAO layer (see fish(), fishAll(), createPerm() and clear() below).
 * Only the {@code question} assignment is visible in this listing; the
 * {@code env} field is presumably assigned on an omitted line — confirm.
 *
 * @param env      AuthzEnv used to open transactions and to log
 * @param question DAO facade used for permission lookups and cache control
 */
48 public DirectAAFLur(AuthzEnv env, Question question/*, TokenMgr tm*/) {
50 this.question = question;
51 // oauth = new OAuth2Lur(null);
/**
 * Checks whether {@code bait} holds a permission covering {@code pond}.
 * Delegates to the transactional overload with a fresh transaction from
 * {@code env.newTransNoAvg()} (the "NoAvg" variant is presumably excluded
 * from timing averages — see AuthzEnv).
 *
 * @param bait principal being checked
 * @param pond requested permission
 * @return whatever the transactional overload decides for this pair
 */
55 public boolean fish(Principal bait, Permission pond) {
56 return fish(env.newTransNoAvg(),bait,pond);
/**
 * Core permission check: loads every permission stored for
 * {@code bait.getName()} and succeeds on the first one whose
 * PermPermission.match() accepts {@code pond}. Wildcard handling lives in
 * PermPermission.match, not here. The third argument to getPermsByUser is
 * passed as {@code false}; its meaning is not visible in this listing.
 * Several lines of the switch on {@code pdr.status} are omitted from this
 * listing, so the return value on a lookup failure is not visible; a deny
 * (false) is the fail-closed expectation — confirm against the full source.
 * Note: {@code bait} is dereferenced without a null check.
 *
 * @param trans transaction used for the DAO call and for error logging
 * @param bait  principal being checked
 * @param pond  requested permission
 * @return true when a stored permission matches the request
 */
59 public boolean fish(AuthzTrans trans, Principal bait, Permission pond) {
60 Result<List<Data>> pdr = question.getPermsByUser(trans, bait.getName(),false);
// Success path (surrounding guard on omitted lines): each stored permission
// decides for itself whether it covers the request.
63 for(PermDAO.Data d : pdr.value) {
64 if(new PermPermission(d).match(pond)) {
// ERR_UserRoleNotFound / ERR_BadData are grouped; their handling is on omitted
// lines — presumably a quiet "no permission" rather than an error log.
69 case Status.ERR_UserRoleNotFound:
70 case Status.ERR_BadData:
// Any other failure (e.g. the store being unreachable) is logged with status
// and details; this path must still deny — confirm the omitted return.
73 trans.error().log("Can't access Cassandra to fulfill Permission Query: ",pdr.status,"-",pdr.details);
/**
 * Appends every permission stored for {@code bait} to {@code permissions}
 * (mutates the caller's list in place). The transaction is opened inline via
 * {@code env.newTrans()} and is not referenced again in the visible lines —
 * unlike clear(), no audit trail is emitted for it; check whether it needs
 * explicit completion.
 * Lookup failures are logged through {@code env.error()} with status and
 * details; the caller cannot tell "no permissions" from "lookup failed" by
 * inspecting the list.
 *
 * @param bait        principal whose permissions are listed
 * @param permissions output list, appended to in place
 */
79 public void fishAll(Principal bait, List<Permission> permissions) {
80 Result<List<Data>> pdr = question.getPermsByUser(env.newTrans(), bait.getName(),false);
// Success branch (guard on omitted lines): wrap each DAO row as a CADI Permission.
83 for(PermDAO.Data d : pdr.value) {
84 permissions.add(new PermPermission(d));
// Failure branch: logged only; nothing is added to the list in the visible lines.
88 env.error().log("Can't access Cassandra to fulfill Permission Query: ",pdr.status,"-", pdr.details);
93 public void destroy() {
97 public boolean handlesExclusively(Permission pond) {
102 * Small Class implementing CADI's Permission with Cassandra Data
// Wraps one PermDAO.Data row (ns, type, instance, action) as a CADI Permission.
// match() is the authorization decision for a single held permission. The
// wildcard "*" is honoured only on the held side (this.data): a request whose
// instance or action is "*" is compared literally and is not treated as a wildcard.
106 public static class PermPermission implements Permission {
// Backing row; its ns/type/instance/action fields are read directly by match().
107 private PermDAO.Data data;
// Wraps an existing DAO row (the assignment is on an omitted line).
109 public PermPermission(PermDAO.Data d) {
// Parses a permission string through PermDAO.Data.create (format not visible here).
113 public PermPermission(AuthzTrans trans, Question q, String p) {
114 data = PermDAO.Data.create(trans, q, p);
// Builds a row field by field; the ns/type assignments are on omitted lines.
117 public PermPermission(String ns, String type, String instance, String action) {
118 data = new PermDAO.Data();
121 data.instance = instance;
122 data.action = action;
// Body omitted from this listing.
126 public String getKey() {
/**
 * Decides whether this (held) permission covers the requested permission
 * {@code p}. Two shapes are accepted: another PermPermission, compared field
 * by field, or any other Permission via its key, split on '|' into at least
 * type|instance|action. Rules visible below:
 *  - ns and type (fullType() for key-based matches) must match exactly;
 *  - instance and action must be non-null on the held side and either equal
 *    the request or be "*" on the held side;
 *  - key segments beyond the third are ignored, so a key with extra '|'
 *    segments still matches on its first three (confirm that is intended);
 *  - String.split drops trailing empty segments, so a key ending in '|' can
 *    fall below three parts and be rejected.
 * The {@code return true} statements and the declaration of {@code pd} are on
 * omitted lines. {@code data.ns} and {@code data.type} are dereferenced
 * without null checks.
 *
 * @param p requested permission
 * @return true when this held permission covers {@code p}
 */
131 public boolean match(Permission p) {
136 if(p instanceof DirectAAFLur.PermPermission) {
137 pd = ((DirectAAFLur.PermPermission)p).data;
138 if(data.ns.equals(pd.ns))
139 if(data.type.equals(pd.type))
// Wildcard is read from this.data (held) and compared against pd (requested).
140 if(data.instance!=null && (data.instance.equals(pd.instance) || "*".equals(data.instance)))
141 if(data.action!=null && (data.action.equals(pd.action) || "*".equals(data.action)))
// Key-based path for other Permission implementations: "type|instance|action".
144 String[] lp = p.getKey().split("\\|");
145 if(lp.length<3)return false;
146 if(data.fullType().equals(lp[0]))
147 if(data.instance!=null && (data.instance.equals(lp[1]) || "*".equals(data.instance)))
148 if(data.action!=null && (data.action.equals(lp[2]) || "*".equals(data.action)))
// Body omitted from this listing.
155 public String permType() {
/** Constant status string; exposes no principal or permission data. */
161 public String toString() {
162 return "DirectAAFLur is enabled";
167 * @see org.onap.aaf.cadi.Lur#handles(java.security.Principal)
170 public boolean handles(Principal principal) {
/**
 * Builds a Permission from a '|'-separated string. Only exactly three parts
 * take the PermPermission path: the first part is resolved to ns/name through
 * question.deriveNsSplit using a NullTrans, the second and third become
 * instance and action. The line between the deriveNsSplit call and the use of
 * {@code nss.value} is omitted from this listing — confirm it checks the
 * Result before dereferencing, otherwise a failed split would NPE.
 * Any other shape becomes a LocalPermission wrapping the raw string.
 *
 * @param p permission string in the shape described above
 * @return a PermPermission or a LocalPermission; never null in the visible paths
 */
175 public Permission createPerm(String p) {
176 String[] params = Split.split('|', p);
177 if(params.length==3) {
178 Result<NsSplit> nss = question.deriveNsSplit(NullTrans.singleton(), params[0]);
180 return new PermPermission(nss.value.ns,nss.value.name,params[1],params[2]);
183 return new LocalPermission(p);
/**
 * Clears the Question cache with scope "all" and audit-logs who did it.
 * No authorization check is performed here — any caller holding a Principal
 * can flush the cache, so the restriction is presumably enforced by the
 * caller; confirm. The transaction's audit trail is appended to {@code sb}
 * for the caller to surface.
 *
 * @param p  principal requesting the clear (its name goes into the AUDIT log)
 * @param sb receives the transaction's audit trail
 */
187 public void clear(Principal p, StringBuilder sb) {
188 AuthzTrans trans = env.newTrans();
// The literal "all" is passed as the cache scope — presumably every cache,
// not just entries related to this principal.
189 question.clearCache(trans,"all");
// AUDIT-level record of the actor; the simple class name identifies the component.
190 env.log(Level.AUDIT, p.getName(), "has cleared Cache for",getClass().getSimpleName());
191 trans.auditTrail(0, sb);