2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.cadi.aaf;
24 import java.util.ArrayList;
25 import java.util.List;
27 import org.onap.aaf.cadi.Permission;
28 import org.onap.aaf.misc.env.util.Split;
31 * A Class that understands the AAF format of Permission (name/type/action)
32 * or String "name|type|action"
37 public class AAFPermission implements Permission {
38 private static final List<String> NO_ROLES;
39 protected String ns,type,instance,action,key;
40 private List<String> roles;
43 NO_ROLES = new ArrayList<>();
46 protected AAFPermission() {roles=NO_ROLES;}
48 public AAFPermission(String ns, String name, String instance, String action) {
51 this.instance = instance;
54 key = type + '|' + instance + '|' + action;
56 key = ns + '|' + type + '|' + instance + '|' + action;
58 this.roles = NO_ROLES;
62 public AAFPermission(String ns, String name, String instance, String action, List<String> roles) {
65 this.instance = instance;
68 key = type + '|' + instance + '|' + action;
70 key = ns + '|' + type + '|' + instance + '|' + action;
72 this.roles = roles==null?NO_ROLES:roles;
77 * if Permission is Fielded type "Permission", we use the fields
78 * otherwise, we split the Permission with '|'
80 * when the type or action starts with REGEX indicator character ( ! ),
81 * then it is evaluated as a regular expression.
83 * If you want a simple field comparison, it is faster without REGEX
85 public boolean match(Permission p) {
90 if(p instanceof AAFPermission) {
91 AAFPermission ap = (AAFPermission)p;
92 // Note: In AAF > 1.0, Accepting "*" from name would violate multi-tenancy
93 // Current solution is only allow direct match on Type.
94 // 8/28/2014 Jonathan - added REGEX ability
96 aafType = ap.getType();
97 aafInstance = ap.getInstance();
98 aafAction = ap.getAction();
100 // Permission is concatenated together: separated by
101 String[] aaf = Split.splitTrim('|', p.getKey());
106 aafInstance = aafAction = "*";
111 aafInstance = aafAction = "*";
116 aafInstance = aaf[2];
122 aafInstance = aaf[2];
130 typeMatches = aafType.equals(type);
132 typeMatches = aafType.equals(ns+'.'+type);
134 } else if(ns==null) {
135 typeMatches = type.equals(aafNS+'.'+aafType);
136 } else if(aafNS.length() == ns.length()) {
137 typeMatches = aafNS.equals(ns) && aafType.equals(type);
138 } else { // Allow for restructuring of NS/Perm structure
139 typeMatches = (aafNS+'.'+aafType).equals(ns+'.'+type);
141 return (typeMatches &&
142 PermEval.evalInstance(instance, aafInstance) &&
143 PermEval.evalAction(action, aafAction));
146 public String getNS() {
150 public String getType() {
154 public String getFullType() {
155 return ns + '.' + type;
158 public String getInstance() {
162 public String getAction() {
166 public String getKey() {
171 * @see org.onap.aaf.cadi.Permission#permType()
173 public String permType() {
177 public List<String> roles() {
180 public String toString() {
181 return "AAFPermission:" +
183 "\n\tType: " + type +
184 "\n\tInstance: " + instance +
185 "\n\tAction: " + action +
Code Review / aaf / authz.git / blob