2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package com.att.aaf.cadi.cass;
25 import java.io.FileInputStream;
26 import java.io.InputStream;
27 import java.net.HttpURLConnection;
29 import java.util.HashSet;
30 import java.util.Properties;
33 import org.apache.cassandra.auth.DataResource;
34 import org.apache.cassandra.auth.IAuthenticator;
35 import org.apache.cassandra.config.DatabaseDescriptor;
36 import org.apache.cassandra.exceptions.ConfigurationException;
37 import org.onap.aaf.cadi.Access;
38 import org.onap.aaf.cadi.Access.Level;
39 import org.onap.aaf.cadi.Lur;
40 import org.onap.aaf.cadi.PropAccess;
41 import org.onap.aaf.cadi.aaf.AAFPermission;
42 import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
43 import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
44 import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLur;
45 import org.onap.aaf.cadi.config.Config;
46 import org.onap.aaf.cadi.config.SecurityInfoC;
47 import org.onap.aaf.cadi.lur.EpiLur;
48 import org.onap.aaf.cadi.lur.LocalLur;
50 public abstract class AAFBase {
// Authenticator options and protected resources shared by every subclass.
// NOTE(review): both fields are static final with no initializer on the declaration, so the
// assignments below presumably sit in a static initializer whose brace lines this listing omits.
// NOTE(review): `final` fixes only the reference; the HashSets stay mutable and are reachable
// from any subclass. If the accessor methods hand these sets out directly (their return lines
// are not shown here), wrapping them with Collections.unmodifiableSet would stop a caller from
// removing the protected resource or adding options.
51 protected static final Set<IAuthenticator.Option> options;
52 protected static final Set<DataResource> dataResource;
55 options = new HashSet<IAuthenticator.Option>();
// PASSWORD is the only option registered.
56 options.add(IAuthenticator.Option.PASSWORD);
58 dataResource = new HashSet<DataResource>();
// The single entry names the "credentials" column family in the "system_auth" keyspace.
59 dataResource.add(DataResource.columnFamily("system_auth", "credentials"));
// Process-wide state: static and non-final, so every instance of every subclass sees the same
// values. setAccess() and setup() write to these fields.
62 protected static Access access;
63 protected static LocalLur localLur;
64 protected static AAFCon<?> aafcon;
65 protected static AAFAuthn<?> aafAuthn;
66 protected static AbsAAFLur<AAFPermission> aafLur;
67 protected static String default_realm;
68 protected static String cluster_name;
69 protected static String perm_type;
// Tested in setup() before the Lur is built; the lines that assign it are not in this listing.
70 private static boolean props_ok = false;
73 * If you use your own Access Class, this must be called before
74 * "setup()" is invoked by Cassandra.
76 * Otherwise, it will default to reading Properties CADI style.
// Installs the Access that setup() uses for property lookup and that the accessor methods log to.
// NOTE(review): public, static and unsynchronized, with no null check, so any code in the same
// JVM can replace the Access. setup() holds only an instance lock, so a concurrent call here is
// not ordered against it.
80 public static void setAccess(Access access) {
81 AAFBase.access = access;
// Reports an uninitialized AAF setup to Cassandra as a ConfigurationException.
// NOTE(review): original lines 86-87 are missing from this listing, so the condition guarding the
// throw is not visible. Confirm it fails closed when setup() leaves aafAuthn or aafLur unset.
85 public void validateConfiguration() throws ConfigurationException {
88 throw new ConfigurationException("AAF not initialized");
// Initializes the shared AAF state: resolves an Access from CADI properties, reads the Cassandra
// group name, cluster name and default realm, then builds the Lur and extracts the AAF Lur and
// authenticator from it.
// The gutter numbers skip, so several brace, try and branch lines are not shown in this listing.
// The @SuppressWarnings covers the two casts to AbsAAFLur<AAFPermission> below.
92 @SuppressWarnings("unchecked")
// NOTE(review): `synchronized` on an instance method locks `this`, but every field written here
// is static. Two different instances can therefore run this body at the same time; a lock on
// AAFBase.class would cover the static state.
93 public synchronized void setup() {
// Initialization is skipped once an authenticator has been built.
94 if(aafAuthn == null) {
// The properties file name comes from the Config.CADI_PROP_FILES system property, defaulting to
// "cadi.properties".
97 String value = System.getProperty(Config.CADI_PROP_FILES, "cadi.properties");
98 Properties initial = new Properties();
// The classpath is tried first; a plain filesystem path is the fallback.
99 URL cadi_props = ClassLoader.getSystemResource(value);
100 if(cadi_props == null) {
101 File cp = new File(value);
// NOTE(review): the lines that load and close this stream (104-109) are not shown; confirm it
// is closed on every path.
103 InputStream is = new FileInputStream(cp);
// A missing properties file is reported on stdout only, and the name is still placed in the
// Properties handed to PropAccess, so initialization continues past this point.
110 System.out.printf("%s does not exist as File or in Classpath\n",value);
111 initial.setProperty(Config.CADI_PROP_FILES, value);
114 InputStream is = cadi_props.openStream();
121 access = new PropAccess(initial);
// perm_type is the configured "cass_group_name" with ".cass" appended; the branch taken when
// the property is absent is not shown.
124 if((perm_type = Config.logProp(access, "cass_group_name",null))==null) {
127 perm_type = perm_type + ".cass";
// The cluster name comes from the "cass_cluster_name" property, else from Cassandra's own
// configuration.
130 if((cluster_name = Config.logProp(access,"cass_cluster_name",null))==null) {
131 if((cluster_name = DatabaseDescriptor.getClusterName())==null) {
136 if((default_realm = Config.logProp(access, Config.AAF_DEFAULT_REALM, null))==null) {
// NOTE(review): the body of this check is not shown; confirm that missing properties stop
// initialization here rather than continuing with null values.
140 if(props_ok==false) {
144 // AAFLur has pool of DME clients as needed, and Caches Client lookups
145 SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(access, HttpURLConnection.class);
// aafcon is passed as it stands; no assignment to it appears in this listing.
146 Lur lur = Config.configLur(si,aafcon);
147 // Loop through to find AAFLur out of possible Lurs, to reuse AAFCon
148 if(lur instanceof EpiLur) {
149 EpiLur elur = (EpiLur)lur;
// The loop ends when elur.get(i) returns null; it reuses `lur` as the loop variable.
150 for(int i=0; (lur = elur.get(i))!=null;++i) {
151 if(lur instanceof AbsAAFLur) {
152 aafLur=(AbsAAFLur<AAFPermission>)lur;
154 aafAuthn = aafLur.aaf.newAuthn(aafLur);
156 } else if(lur instanceof LocalLur) {
157 localLur = (LocalLur)lur;
160 } else if(lur instanceof AbsAAFLur) {
161 aafLur=(AbsAAFLur<AAFPermission>)lur;
163 aafAuthn = aafLur.aaf.newAuthn(aafLur);
// NOTE(review): the condition leading to this message is not shown. It is logged at INIT level
// only, so callers must still check that aafAuthn and aafLur were set.
166 access.log(Level.INIT,"Failed to instantiate full AAF access");
// Broad catch: any failure above is logged when an Access exists, and no rethrow is visible in
// this listing, so setup() can return with aafAuthn still null.
169 } catch (Exception e) {
171 if(access!=null)access.log(e, "Failed to initialize AAF");
// Logs at DEBUG whether the protected-resource set is empty; the return line is not shown here.
// NOTE(review): `access` is dereferenced without a null check, whereas setup()'s catch block
// guards `access!=null`. If this runs before setAccess() or a successful setup(), it throws
// NullPointerException.
177 public Set<DataResource> protectedResources() {
178 access.log(Level.DEBUG, "Data Resource asked for: it's",dataResource.isEmpty()?"":"not","empty");
// Logs the call at DEBUG; the return line is not shown in this listing.
// NOTE(review): `access` is used without a null check, so this assumes setAccess() or setup() has
// already supplied one.
182 public Set<IAuthenticator.Option> supportedOptions() {
183 access.log(Level.DEBUG, "supportedOptions() called");
187 public Set<IAuthenticator.Option> alterableOptions() {
188 access.log(Level.DEBUG, "alterableOptions() called");