2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.cadi.olur;
24 import java.security.Principal;
25 import java.util.HashSet;
26 import java.util.List;
29 import org.onap.aaf.cadi.Access.Level;
30 import org.onap.aaf.cadi.CadiException;
31 import org.onap.aaf.cadi.LocatorException;
32 import org.onap.aaf.cadi.Lur;
33 import org.onap.aaf.cadi.Permission;
34 import org.onap.aaf.cadi.PropAccess;
35 import org.onap.aaf.cadi.aaf.AAFPermission;
36 import org.onap.aaf.cadi.client.Result;
37 import org.onap.aaf.cadi.lur.LocalPermission;
38 import org.onap.aaf.cadi.oauth.AbsOTafLur;
39 import org.onap.aaf.cadi.oauth.OAuth2Principal;
40 import org.onap.aaf.cadi.oauth.TimedToken;
41 import org.onap.aaf.cadi.oauth.TokenClient;
42 import org.onap.aaf.cadi.oauth.TokenPerm;
43 import org.onap.aaf.cadi.principal.Kind;
44 import org.onap.aaf.misc.env.APIException;
45 import org.onap.aaf.misc.env.util.Pool.Pooled;
46 import org.onap.aaf.misc.env.util.Split;
48 public class OLur extends AbsOTafLur implements Lur {
/**
 * Builds the OAuth LUR by handing the endpoints straight to {@link AbsOTafLur}.
 * No state beyond what the parent sets up is initialised here.
 *
 * @param access property/logging access forwarded to the parent
 * @param token_url OAuth2 token endpoint forwarded to the parent
 * @param introspect_url OAuth2 introspection endpoint forwarded to the parent
 * @throws APIException propagated from the parent constructor
 * @throws CadiException propagated from the parent constructor
 */
public OLur(PropAccess access, final String token_url, final String introspect_url) throws APIException, CadiException {
    super(access, token_url, introspect_url);
/**
 * Checks whether {@code bait} holds at least one of the permissions in {@code pond}.
 * Only {@link OAuth2Principal} callers are serviced: the token's permission set is
 * taken from the principal, or obtained through the pooled {@link TokenClient} and
 * the token manager when the principal carries none.
 *
 * NOTE(review): this method is only partially visible on this page — the
 * declarations of {@code tp}, {@code ap} and {@code rv}, the {@code try} line, the
 * Result success checks, the pool hand-back and the closing braces are not shown
 * (nor is an import for {@code java.util.Set}). The comments below describe the
 * surviving lines only; confirm the control flow against the full file.
 *
 * @param bait the caller's principal
 * @param pond permissions to test; each is cast to {@link AAFPermission} when
 *             building the scope list, so a non-AAF permission would fail with a
 *             ClassCastException unless filtered upstream
 * @return true when a permission of the token matches an entry of {@code pond}
 * @see org.onap.aaf.cadi.Lur#fish(java.security.Principal, org.onap.aaf.cadi.Permission)
 */
public boolean fish(Principal bait, Permission ... pond) {
    if(bait instanceof OAuth2Principal) {
    OAuth2Principal oa2p = (OAuth2Principal)bait;
    tp = oa2p.tokenPerm();
    // if no Token Perm preset, get
    // NOTE(review): the pooled client should be returned to tokenClientPool when done
    // (typically in a finally block); that part of the method is not on this page.
    Pooled<TokenClient> tcp = tokenClientPool.get();
    TokenClient tc = tcp.content;
    tc.username(bait.getName());
    // Scopes requested for the token: the client's default scope plus the
    // namespace of every permission being checked.
    Set<String> scopeSet = new HashSet<>();
    scopeSet.add(tc.defaultScope());
    for (Permission p : pond) {
    ap = (AAFPermission)p;
    scopeSet.add(ap.getNS());
    String[] scopes = new String[scopeSet.size()];
    scopeSet.toArray(scopes);
    Result<TimedToken> rtt = tc.getToken(Kind.getKind(bait),scopes);
    // NOTE(review): rtt.value is dereferenced on the next visible line; the line
    // between the two calls is missing here — confirm rtt is checked for success
    // (e.g. isOK()) before the access token is read.
    // bait.getName().getBytes() uses the platform default charset, which is not
    // portable before Java 18; StandardCharsets.UTF_8 would pin the encoding.
    Result<TokenPerm> rtp = tkMgr.get(rtt.value.getAccessToken(), bait.getName().getBytes());
    } catch (APIException | LocatorException | CadiException e) {
    access.log(e, "Unable to Get a Token");
    // Debug dump of the permissions carried by the token.
    // NOTE(review): sb.append(tp.get().getAccessToken()) writes the bearer token
    // itself into the DEBUG log; a credential in log output is a leak risk wherever
    // DEBUG is enabled — logging a short prefix or a digest would be safer.
    if(tkMgr.access.willLog(Level.DEBUG)) {
    StringBuilder sb = new StringBuilder("AAF Permissions for user ");
    sb.append(bait.getName());
    sb.append(", from token ");
    sb.append(tp.get().getAccessToken());
    for (AAFPermission p : tp.perms()) {
    sb.append(p.getNS());
    sb.append(p.getType());
    sb.append(p.getInstance());
    sb.append(p.getAction());
    access.log(Level.DEBUG, sb);
    // Match every requested permission against the token's permissions; the
    // assignment inside the condition records the first hit in rv.
    for (Permission p : pond) {
    for (AAFPermission perm : tp.perms()) {
    if (rv=perm.match(p)) {
/**
 * Collects every permission carried by the principal's token into
 * {@code permissions}; principals that are not {@link OAuth2Principal}
 * contribute nothing.
 *
 * NOTE(review): the loop body and the closing braces are not on this page.
 * Unlike fish(), tokenPerm() is dereferenced here without a "no preset" check;
 * if it can be absent for a fresh principal this would throw — confirm.
 *
 * @param bait the caller's principal
 * @param permissions the list the token's permissions are added to
 * @see org.onap.aaf.cadi.Lur#fishAll(java.security.Principal, java.util.List)
 */
public void fishAll(Principal bait, List<Permission> permissions) {
    if(bait instanceof OAuth2Principal) {
    for (AAFPermission p : ((OAuth2Principal)bait).tokenPerm().perms()) {
/**
 * Reports whether this LUR is the sole authority for the given permissions.
 *
 * NOTE(review): only the signature is visible on this page; the body is not
 * shown, so its result cannot be documented from here.
 *
 * @param pond permissions to evaluate
 * @return whether the permissions are handled exclusively by this LUR
 * @see org.onap.aaf.cadi.Lur#handlesExclusively(org.onap.aaf.cadi.Permission)
 */
public boolean handlesExclusively(Permission ... pond) {
/**
 * Tells whether this LUR can answer for the given principal, which is the
 * case exactly for OAuth2 principals. A null principal is not handled.
 *
 * @param principal the principal to inspect
 * @return true if {@code principal} is an {@link OAuth2Principal}
 * @see org.onap.aaf.cadi.Lur#handles(java.security.Principal)
 */
public boolean handles(Principal principal) {
    return OAuth2Principal.class.isInstance(principal);
}
/**
 * Parses a {@code '|'}-separated permission string into a {@link Permission}.
 * From the visible constructor calls: one form maps the three fields to
 * {@link AAFPermission} with a null namespace, another maps four fields as
 * ns|type|instance|action, and the fallback wraps the raw string in a
 * {@link LocalPermission}.
 *
 * NOTE(review): the branch conditions (presumably on {@code s.length}) and the
 * closing braces are not on this page; confirm the field mapping above
 * against the full file.
 *
 * @param p the permission string to parse
 * @return the parsed permission, or a LocalPermission for unrecognised input
 * @see org.onap.aaf.cadi.Lur#createPerm(java.lang.String)
 */
public Permission createPerm(final String p) {
    String[] s = Split.split('|',p);
    return new AAFPermission(null, s[0],s[1],s[2]);
    return new AAFPermission(s[0],s[1],s[2],s[3]);
    return new LocalPermission(p);