2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.cadi.aaf.v2_0;
24 import java.security.Principal;
25 import java.util.ArrayList;
26 import java.util.Date;
27 import java.util.List;
29 import org.onap.aaf.cadi.AbsUserCache;
30 import org.onap.aaf.cadi.Access.Level;
31 import org.onap.aaf.cadi.CachingLur;
32 import org.onap.aaf.cadi.Lur;
33 import org.onap.aaf.cadi.Permission;
34 import org.onap.aaf.cadi.User;
35 import org.onap.aaf.cadi.aaf.AAFPermission;
36 import org.onap.aaf.cadi.config.Config;
37 import org.onap.aaf.misc.env.APIException;
38 import org.onap.aaf.misc.env.util.Split;
40 public abstract class AbsAAFLur<PERM extends Permission> extends AbsUserCache<PERM> implements CachingLur<PERM> {
41 protected static final byte[] BLANK_PASSWORD = new byte[0];
42 private String[] debug = null;
44 public Lur preemptiveLur=null; // Initial Use is for OAuth2, preemptive Lur
45 private String[] supports;
47 public AbsAAFLur(AAFCon<?> con) throws APIException {
48 super(con.access, con.cleanInterval, con.highCount, con.usageRefreshTriggerCount);
51 supports = con.access.getProperty(Config.AAF_DOMAIN_SUPPORT, Config.AAF_DOMAIN_SUPPORT_DEF).split("\\s*:\\s*");
54 public AbsAAFLur(AAFCon<?> con, AbsUserCache<PERM> auc) throws APIException {
58 supports = con.access.getProperty(Config.AAF_DOMAIN_SUPPORT, Config.AAF_DOMAIN_SUPPORT_DEF).split("\\s*:\\s*");
62 public void setDebug(String ids) {
63 this.debug = ids==null?null:Split.split(',', ids);
66 public void setPreemptiveLur(Lur preemptive) {
67 this.preemptiveLur = preemptive;
70 protected abstract User<PERM> loadUser(Principal bait);
73 public final boolean handles(Principal principal) {
74 if(preemptiveLur!=null) {
75 if(preemptiveLur.handles(principal)) {
79 String userName=principal.getName();
81 for(String s : supports) {
82 if(userName.endsWith(s))
90 protected abstract boolean isCorrectPermType(Permission pond);
92 // This is where you build AAF CLient Code. Answer the question "Is principal "bait" in the "pond"
93 public boolean fish(Principal bait, Permission ... pond) {
94 if(preemptiveLur!=null && preemptiveLur.handles(bait)) {
95 return preemptiveLur.fish(bait, pond);
102 StringBuilder sb = new StringBuilder("Log for ");
105 User<PERM> user = getUser(bait);
107 sb.append("\n\tUser is not in Cache");
110 sb.append("\n\tUser has no Perms");
112 if(user.permExpired()) {
113 sb.append("\n\tUser's perm expired [");
114 sb.append(new Date(user.permExpires()));
117 sb.append("\n\tUser's perm expires [");
118 sb.append(new Date(user.permExpires()));
122 if(user==null || user.permsUnloaded() || user.permExpired()) {
123 user = loadUser(bait);
124 sb.append("\n\tloadUser called");
126 for (Permission p : pond) {
128 sb.append("\n\tUser was not Loaded");
130 } else if(user.contains(p)) {
131 sb.append("\n\tUser contains ");
132 sb.append(p.getKey());
135 sb.append("\n\tUser does not contain ");
136 sb.append(p.getKey());
137 List<Permission> perms = new ArrayList<>();
138 user.copyPermsTo(perms);
139 for(Permission perm : perms) {
141 sb.append(perm.getKey());
146 sb.append("AAF Lur does not support [");
150 aaf.access.log(Level.INFO, sb);
155 User<PERM> user = getUser(bait);
156 if(user==null || user.permsUnloaded() || user.permExpired()) {
157 user = loadUser(bait);
162 for(Permission p : pond) {
163 if(rv=user.contains(p)) {
174 public void fishAll(Principal bait, List<Permission> perms) {
175 if(preemptiveLur!=null && preemptiveLur.handles(bait)) {
176 preemptiveLur.fishAll(bait, perms);
179 StringBuilder sb = new StringBuilder("Log for ");
182 User<PERM> user = getUser(bait);
184 sb.append("\n\tUser is not in Cache");
187 sb.append("\n\tUser has no Perms");
189 if(user.permExpired()) {
190 sb.append("\n\tUser's perm expired [");
191 sb.append(new Date(user.permExpires()));
194 sb.append("\n\tUser's perm expires [");
195 sb.append(new Date(user.permExpires()));
199 if(user==null || user.permsUnloaded() || user.permExpired()) {
200 user = loadUser(bait);
201 sb.append("\n\tloadUser called");
204 sb.append("\n\tUser was not Loaded");
206 sb.append("\n\tCopying Perms ");
207 user.copyPermsTo(perms);
208 for(Permission p : perms) {
210 sb.append(p.getKey());
214 sb.append("AAF Lur does not support [");
218 aaf.access.log(Level.INFO, sb);
221 User<PERM> user = getUser(bait);
222 if(user==null || user.permsUnloaded() || user.permExpired()) {
223 user = loadUser(bait);
226 user.copyPermsTo(perms);
234 public void remove(String user) {
238 private boolean isDebug(Principal p) {
240 if(debug.length==1 && "all".equals(debug[0])) {
243 String name = p.getName();
244 for(String s : debug) {
253 * This special case minimizes loops, avoids multiple Set hits, and calls all the appropriate Actions found.
261 public<A> void fishOneOf(Principal princ, A obj, String type, String instance, List<Action<A>> actions) {
262 User<PERM> user = getUser(princ);
263 if(user==null || user.permsUnloaded() || user.permExpired()) {
264 user = loadUser(princ);
267 ReuseAAFPermission perm = new ReuseAAFPermission(type,instance);
268 for(Action<A> action : actions) {
269 perm.setAction(action.getName());
270 if(user.contains(perm)) {
271 if(action.exec(obj))return;
277 public static interface Action<A> {
278 public String getName();
280 * Return false to continue, True to end now
283 public boolean exec(A a);
286 private class ReuseAAFPermission extends AAFPermission {
287 public ReuseAAFPermission(String type, String instance) {
288 super(type,instance,null,null);
291 public void setAction(String s) {
296 * This function understands that AAF Keys are hierarchical, :A:B:C,
297 * Cassandra follows a similar method, so we'll short circuit and do it more efficiently when there isn't a first hit
Code Review / aaf / authz.git / blob