import org.onap.aaf.auth.org.Mailer;
import org.onap.aaf.auth.org.Organization;
import org.onap.aaf.auth.org.OrganizationException;
+import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.util.FQI;
import org.onap.aaf.misc.env.Env;
public class DefaultOrg implements Organization {
private static final String AAF_DATA_DIR = "aaf_data_dir";
- private static final String PROPERTY_IS_REQUIRED = " property is Required";
// Package on Purpose
final String domain;
final String atDomain;
final String realm;
+
+ private final String root_ns;
- private final String NAME,mailHost,mailFrom;
+ private final String NAME;
private final Set<String> supportedRealms;
+
public DefaultOrg(Env env, String realm) throws OrganizationException {
this.realm = realm;
supportedRealms.add(realm);
domain=FQI.reverseDomain(realm);
atDomain = '@'+domain;
- String s;
NAME=env.getProperty(realm + ".name","Default Organization");
- mailHost = env.getProperty(s=(realm + ".mailHost"), null);
- if (mailHost==null) {
- throw new OrganizationException(s + PROPERTY_IS_REQUIRED);
- }
- mailFrom = env.getProperty(s=(realm + ".mailFrom"), null);
- if (mailFrom==null) {
- throw new OrganizationException(s + PROPERTY_IS_REQUIRED);
- }
+ root_ns = env.getProperty(Config.AAF_ROOT_NS,Config.AAF_ROOT_NS_DEF);
- // Note: This code is to avoid including javax.mail into ONAP, because there are security/licence
- // exceptions
- try {
- Class.forName("javax.mail.Session"); // ensure package is loaded
- @SuppressWarnings("unchecked")
- Class<Mailer> minst = (Class<Mailer>)Class.forName("org.onap.aaf.org.JavaxMailer");
- mailer = minst.newInstance();
- } catch (ClassNotFoundException | InstantiationException | IllegalAccessException e1) {
- env.warn().log("JavaxMailer not loaded. Mailing disabled");
- }
-
- System.getProperties().setProperty("mail.smtp.host",mailHost);
- System.getProperties().setProperty("mail.user", mailFrom);
-
try {
String defFile;
String temp=env.getProperty(defFile = (getClass().getName()+".file"));
identities = new Identities(fIdentities);
} else {
if (fIdentities==null) {
- throw new OrganizationException("No Identities");
+ throw new OrganizationException("No Identities: set \"" + AAF_DATA_DIR + '"');
} else {
throw new OrganizationException(fIdentities.getCanonicalPath() + " does not exist.");
}
return new DefaultOrgIdentity(trans,at<0?id:id.substring(0, at),this);
}
- // Note: Return a null if found; return a String Message explaining why not found.
+ /* (non-Javadoc)
+ * @see org.onap.aaf.auth.org.Organization#getEsclaations(org.onap.aaf.auth.env.AuthzTrans, java.lang.String, int)
+ */
+ @Override
+ public List<Identity> getIDs(AuthzTrans trans, String user, int escalate) throws OrganizationException {
+ List<Identity> rv = new ArrayList<>();
+ int end = Math.min(3,Math.abs(escalate));
+ Identity id = null;
+ for(int i=0;i<end;++i) {
+ if(id==null) {
+ id = getIdentity(trans,user);
+ } else {
+ id = id.responsibleTo();
+ }
+ if(id==null) {
+ break;
+ } else {
+ rv.add(id);
+ }
+ }
+ return rv;
+ }
+
+ // Note: Return a null if found; return a String Message explaining why not found.
@Override
public String isValidID(final AuthzTrans trans, final String id) {
try {
@Override
public String validate(AuthzTrans trans, Policy policy, Executor executor, String... vars) throws OrganizationException {
+ String user;
switch(policy) {
case OWNS_MECHID:
case CREATE_MECHID:
case CREATE_MECHID_BY_PERM_ONLY:
return getName() + " only allows sponsors to create MechIDs";
+ case MAY_EXTEND_CRED_EXPIRES:
+ // If parm, use it, otherwise, trans
+ user = vars.length>1?vars[1]:trans.user();
+ return executor.hasPermission(user, root_ns,"password", root_ns , "extend")
+ ?null:user + " does not have permission to extend passwords at " + getName();
+
default:
return policy.name() + " is unsupported at " + getName();
}
public int sendEmail(AuthzTrans trans, List<String> toList, List<String> ccList, String subject, String body,
Boolean urgent) throws OrganizationException {
if (mailer!=null) {
+ String mailFrom = mailer.mailFrom();
List<String> to = new ArrayList<>();
for (String em : toList) {
if (em.indexOf('@')<0) {
}
}
- return mailer.sendEmail(trans,dryRun,mailFrom,to,cc,subject,body,urgent);
+ return mailer.sendEmail(trans,dryRun?"DefaultOrg":null,to,cc,subject,body,urgent)?0:1;
} else {
return 0;
}
}
+
+ @Override
+ public boolean mayAutoDelete(AuthzTrans trans, String user) {
+ // provide a corresponding feed that indicates that an ID has been intentionally removed from identities.dat table.
+ return false;
+ }
}
Code Review / aaf / authz.git / blobdiff