* * Licensed under the Apache License, Version 2.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
- * *
+ * *
* * http://www.apache.org/licenses/LICENSE-2.0
- * *
+ * *
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
final String domain;
final String atDomain;
final String realm;
-
+
private final String NAME,mailHost,mailFrom;
+ private final Set<String> supportedRealms;
+
public DefaultOrg(Env env, String realm) throws OrganizationException {
+
this.realm = realm;
+ supportedRealms=new HashSet<>();
+ supportedRealms.add(realm);
domain=FQI.reverseDomain(realm);
atDomain = '@'+domain;
String s;
if(mailFrom==null) {
throw new OrganizationException(s + PROPERTY_IS_REQUIRED);
}
-
+
System.getProperties().setProperty("mail.smtp.host",mailHost);
System.getProperties().setProperty("mail.user", mailFrom);
// Get the default Session object.
if(temp==null) {
temp = env.getProperty(AAF_DATA_DIR);
if(temp!=null) {
- env.warn().log(defFile, "is not defined. Using default: ",temp+"/identities.dat");
+ env.warn().log(defFile, " is not defined. Using default: ",temp+"/identities.dat");
File dir = new File(temp);
fIdentities=new File(dir,"identities.dat");
+
if(!fIdentities.exists()) {
env.warn().log("No",fIdentities.getCanonicalPath(),"exists. Creating.");
if(!dir.exists()) {
}
}
}
-
+
if(fIdentities!=null && fIdentities.exists()) {
identities = new Identities(fIdentities);
} else {
throw new OrganizationException(e);
}
}
-
+
// Implement your own Delegation System
- static final List<String> NULL_DELEGATES = new ArrayList<String>();
+ static final List<String> NULL_DELEGATES = new ArrayList<>();
public Identities identities;
private boolean dryRun;
private Session session;
public enum Types {Employee, Contractor, Application, NotActive};
private final static Set<String> typeSet;
-
+
static {
- typeSet = new HashSet<String>();
+ typeSet = new HashSet<>();
for(Types t : Types.values()) {
typeSet.add(t.name());
}
}
-
+
private static final EmailWarnings emailWarnings = new DefaultOrgWarnings();
@Override
return new DefaultOrgIdentity(trans,at<0?id:id.substring(0, at),this);
}
- // Note: Return a null if found; return a String Message explaining why not found.
+ // Note: Return a null if found; return a String Message explaining why not found.
@Override
public String isValidID(final AuthzTrans trans, final String id) {
try {
// if(!id.regionMatches(at+1, domain, 0, id.length()-at-1)) {
// return false;
// }
- sid = id.substring(0,at);
+ sid = id.substring(0,at);
} else {
sid = id;
}
// We'll validate that it exists, rather than check patterns.
-
+
return isValidID(trans, sid)==null;
// Check Pattern (if checking existing is too long)
// if(id.endsWith(SUFFIX) && ID_PATTERN.matcher(id).matches()) {
// return true;
// }
- // return false;
+ // return false;
}
private static final String SPEC_CHARS = "!@#$%^*-+?/,:;.";
public Response notify(AuthzTrans trans, Notify type, String url, String[] identities, String[] ccs, String summary, Boolean urgent) {
String system = trans.getProperty("CASS_ENV", "");
- ArrayList<String> toList = new ArrayList<String>();
+ ArrayList<String> toList = new ArrayList<>();
Identity identity;
if (identities != null) {
for (String user : identities) {
return Response.ERR_NotificationFailure;
}
- ArrayList<String> ccList = new ArrayList<String>();
+ ArrayList<String> ccList = new ArrayList<>();
// If we're sending an urgent email, CC the user's supervisor
//
+ "Please follow this link: \n\n\t" + url
+ "\n\n" + summary, urgent);
} catch (Exception e) {
+
trans.error().log(e, "Failure to send Email");
return Response.ERR_NotificationFailure;
}
@Override
public int sendEmail(AuthzTrans trans, List<String> toList, List<String> ccList, String subject, String body,
Boolean urgent) throws OrganizationException {
+
int status = 1;
-
- List<String> to = new ArrayList<String>();
+
+ List<String> to = new ArrayList<>();
for(String em : toList) {
if(em.indexOf('@')<0) {
to.add(new DefaultOrgIdentity(trans, em, this).email());
to.add(em);
}
}
-
- List<String> cc = new ArrayList<String>();
+
+ List<String> cc = new ArrayList<>();
if(ccList!=null) {
if(!ccList.isEmpty()) {
-
+
for(String em : ccList) {
if(em.indexOf('@')<0) {
cc.add(new DefaultOrgIdentity(trans, em, this).email());
}
}
}
-
+
// for now, I want all emails so we can see what goes out. Remove later
if (!ccList.contains(mailFrom)) {
ccList.add(mailFrom);
// Now set the actual message
message.setText(body);
} else {
+
// override recipients
message.addRecipients(Message.RecipientType.TO,
InternetAddress.parse(mailFrom));
message.addHeader("X-Priority", "1");
}
- ArrayList<String> newBody = new ArrayList<String>();
+ ArrayList<String> newBody = new ArrayList<>();
Address temp[] = getAddresses(to);
String headerString = "TO:\t" + InternetAddress.toString(temp) + "\n";
status = 0;
} catch (MessagingException mex) {
+ System.out.println("Error messaging: "+ mex.getMessage());
+ System.out.println("Error messaging: "+ mex.toString());
throw new OrganizationException("Exception send email message "
+ mex.getMessage());
}
- return status;
+ return status;
}
/**
@Override
public GregorianCalendar expiration(GregorianCalendar gc, Expiration exp, String... extra) {
- GregorianCalendar now = new GregorianCalendar();
- GregorianCalendar rv = gc==null?now:(GregorianCalendar)gc.clone();
+ GregorianCalendar now = new GregorianCalendar();
+ GregorianCalendar rv = gc==null?now:(GregorianCalendar)gc.clone();
switch (exp) {
case ExtendPassword:
// Extending Password give 5 extra days, max 8 days from now
@Override
public List<Identity> getApprovers(AuthzTrans trans, String user) throws OrganizationException {
Identity orgIdentity = getIdentity(trans, user);
- List<Identity> orgIdentitys = new ArrayList<Identity>();
+ List<Identity> orgIdentitys = new ArrayList<>();
if(orgIdentity!=null) {
Identity supervisor = orgIdentity.responsibleTo();
if(supervisor!=null) {
orgIdentitys.add(supervisor);
}
}
- return orgIdentitys;
+ return orgIdentitys;
}
@Override
@Override
public boolean canHaveMultipleCreds(String id) {
// External entities are likely mono-password... if you change it, it is a global change.
- // This is great for people, but horrible for Applications.
+ // This is great for people, but horrible for Applications.
//
// AAF's Password can have multiple Passwords, each with their own Expiration Date.
// For Default Org, we'll assume true for all, but when you add your external
}
}
return null;
-
+
case CREATE_MECHID_BY_PERM_ONLY:
return getName() + " only allows sponsors to create MechIDs";
-
+
default:
return policy.name() + " is unsupported at " + getName();
- }
+ }
}
@Override
return this.getAddresses(strAddress,";");
}
/**
- * Convert the delimiter String into Internet addresses with the
+ * Convert the delimiter String into Internet addresses with the
* delimiter of provided
- * @param strAddress
+ * @param strAddresses
* @param delimiter
* @return
*/
int count = 0;
for (String addr : strAddresses)
{
- try{
- addressArray[count] = new InternetAddress(addr);
- count++;
- }catch(Exception e){
- throw new OrganizationException("Failed to parse the email address "+ addr +": "+e.getMessage());
- }
- }
- return addressArray;
+ try{
+ addressArray[count] = new InternetAddress(addr);
+ count++;
+ }catch(Exception e){
+ throw new OrganizationException("Failed to parse the email address "+ addr +": "+e.getMessage());
+ }
+ }
+ return addressArray;
+ }
+
+ private String extractRealm(final String r) {
+ int at;
+ if((at=r.indexOf('@'))>=0) {
+ return FQI.reverseDomain(r.substring(at+1));
+ }
+ return r;
+ }
+ @Override
+ public boolean supportsRealm(final String r) {
+ if(r.endsWith(realm)) {
+ return true;
+ } else {
+ String erealm = extractRealm(r);
+ for(String sr : supportedRealms) {
+ if(erealm.startsWith(sr)) {
+ return true;
+ }
+ }
+ }
+ return false;
}
-
+ @Override
+ public synchronized void addSupportedRealm(final String r) {
+ supportedRealms.add(extractRealm(r));
}
+
+}
Code Review / aaf / authz.git / blobdiff