import org.onap.aaf.misc.env.TimeTaken;
public class API_AAFAccess {
-// private static String service, version, envContext;
+// private static String service, version, envContext;
- private static final String GET_PERMS_BY_USER = "Get Perms by User";
- private static final String USER_HAS_PERM ="User Has Perm";
-// private static final String USER_IN_ROLE ="User Has Role";
-
- /**
- * Normal Init level APIs
- *
- * @param gwAPI
- * @param facade
- * @throws Exception
- */
- public static void init(final AAF_Locate gwAPI, LocateFacade facade) throws Exception {
-
-
- gwAPI.route(HttpMethods.GET,"/authz/perms/user/:user",API.VOID,new LocateCode(facade,GET_PERMS_BY_USER, true) {
- @Override
- public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {
- TimeTaken tt = trans.start(GET_PERMS_BY_USER, Env.SUB);
- try {
- final String accept = req.getHeader("ACCEPT");
- final String user = pathParam(req,":user");
- if(!user.contains("@")) {
- context.error(trans,resp,Result.ERR_BadData,"User [%s] must be fully qualified with domain",user);
- return;
- }
- final String key = trans.user() + user + (accept!=null&&accept.contains("xml")?"-xml":"-json");
- TimeTaken tt2 = trans.start("Cache Lookup",Env.SUB);
- Dated d;
- try {
- d = gwAPI.cacheUser.get(key);
- } finally {
- tt2.done();
- }
-
- if(d==null || d.data.isEmpty()) {
- tt2 = trans.start("AAF Service Call",Env.REMOTE);
- try {
- gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
- @Override
- public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
- Future<String> fp = client.read("/authz/perms/user/"+user,accept);
- if(fp.get(5000)) {
- gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body()),gwAPI.expireIn));
- resp.setStatus(HttpStatus.OK_200);
- ServletOutputStream sos;
- try {
- sos = resp.getOutputStream();
- sos.print(fp.value);
- } catch (IOException e) {
- throw new CadiException(e);
- }
- } else {
- gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body()),gwAPI.expireIn));
- context.error(trans,resp,fp.code(),fp.body());
- }
- return null;
- }
- });
- } finally {
- tt2.done();
- }
- } else {
- User u = (User)d.data.get(0);
- resp.setStatus(u.code);
- ServletOutputStream sos = resp.getOutputStream();
- sos.print(u.resp);
- }
- } finally {
- tt.done();
- }
- }
- });
+ private static final String GET_PERMS_BY_USER = "Get Perms by User";
+ private static final String USER_HAS_PERM ="User Has Perm";
+// private static final String USER_IN_ROLE ="User Has Role";
+
+ /**
+ * Normal Init level APIs
+ *
+ * @param gwAPI
+ * @param facade
+ * @throws Exception
+ */
+ public static void init(final AAF_Locate gwAPI, LocateFacade facade) throws Exception {
+
+
+ gwAPI.route(HttpMethods.GET,"/authz/perms/user/:user",API.VOID,new LocateCode(facade,GET_PERMS_BY_USER, true) {
+ @Override
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {
+ TimeTaken tt = trans.start(GET_PERMS_BY_USER, Env.SUB);
+ try {
+ final String accept = req.getHeader("ACCEPT");
+ final String user = pathParam(req,":user");
+ if(!user.contains("@")) {
+ context.error(trans,resp,Result.ERR_BadData,"User [%s] must be fully qualified with domain",user);
+ return;
+ }
+ final String key = trans.user() + user + (accept!=null&&accept.contains("xml")?"-xml":"-json");
+ TimeTaken tt2 = trans.start("Cache Lookup",Env.SUB);
+ Dated d;
+ try {
+ d = gwAPI.cacheUser.get(key);
+ } finally {
+ tt2.done();
+ }
+
+ if(d==null || d.data.isEmpty()) {
+ tt2 = trans.start("AAF Service Call",Env.REMOTE);
+ try {
+ gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ Future<String> fp = client.read("/authz/perms/user/"+user,accept);
+ if(fp.get(5000)) {
+ gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body()),gwAPI.expireIn));
+ resp.setStatus(HttpStatus.OK_200);
+ ServletOutputStream sos;
+ try {
+ sos = resp.getOutputStream();
+ sos.print(fp.value);
+ } catch (IOException e) {
+ throw new CadiException(e);
+ }
+ } else {
+ gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body()),gwAPI.expireIn));
+ context.error(trans,resp,fp.code(),fp.body());
+ }
+ return null;
+ }
+ });
+ } finally {
+ tt2.done();
+ }
+ } else {
+ User u = (User)d.data.get(0);
+ resp.setStatus(u.code);
+ ServletOutputStream sos = resp.getOutputStream();
+ sos.print(u.resp);
+ }
+ } finally {
+ tt.done();
+ }
+ }
+ });
- gwAPI.route(gwAPI.env,HttpMethods.GET,"/authn/basicAuth",new BasicAuthCode(gwAPI.aafAuthn,facade)
- ,"text/plain","*/*","*");
+ gwAPI.route(gwAPI.env,HttpMethods.GET,"/authn/basicAuth",new BasicAuthCode(gwAPI.aafAuthn,facade)
+ ,"text/plain","*/*","*");
- /**
- * Query User Has Perm is DEPRECATED
- *
- * Need to move towards NS declaration... is this even being used?
- * @deprecated
- */
- gwAPI.route(HttpMethods.GET,"/ask/:user/has/:type/:instance/:action",API.VOID,new LocateCode(facade,USER_HAS_PERM, true) {
- @Override
- public void handle(final AuthzTrans trans, final HttpServletRequest req, HttpServletResponse resp) throws Exception {
- try {
- String type = pathParam(req,":type");
- int idx = type.lastIndexOf('.');
- String ns = type.substring(0,idx);
- type = type.substring(idx+1);
- resp.getOutputStream().print(
- gwAPI.aafLurPerm.fish(new Principal() {
- public String getName() {
- return pathParam(req,":user");
- };
- }, new AAFPermission(
- ns,
- type,
- pathParam(req,":instance"),
- pathParam(req,":action"))));
- resp.setStatus(HttpStatus.OK_200);
- } catch(Exception e) {
- context.error(trans, resp, Result.ERR_General, e.getMessage());
- }
- }
- });
+ /**
+ * Query User Has Perm is DEPRECATED
+ *
+ * Need to move towards NS declaration... is this even being used?
+ * @deprecated
+ */
+ gwAPI.route(HttpMethods.GET,"/ask/:user/has/:type/:instance/:action",API.VOID,new LocateCode(facade,USER_HAS_PERM, true) {
+ @Override
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ String type = pathParam(req,":type");
+ int idx = type.lastIndexOf('.');
+ String ns = type.substring(0,idx);
+ type = type.substring(idx+1);
+ resp.getOutputStream().print(
+ gwAPI.aafLurPerm.fish(new Principal() {
+ public String getName() {
+ return pathParam(req,":user");
+ };
+ }, new AAFPermission(
+ ns,
+ type,
+ pathParam(req,":instance"),
+ pathParam(req,":action"))));
+ resp.setStatus(HttpStatus.OK_200);
+ } catch(Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
- gwAPI.route(HttpMethods.GET,"/gui/:path*",API.VOID,new LocateCode(facade,"Short Access PROD GUI for AAF", true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- try {
- redirect(trans, req, resp, context,
- gwAPI.getGUILocator(),
- "gui/"+pathParam(req,":path"));
- } catch (LocatorException e) {
- context.error(trans, resp, Result.ERR_BadData, e.getMessage());
- } catch (Exception e) {
- context.error(trans, resp, Result.ERR_General, e.getMessage());
- }
- }
- });
+ gwAPI.route(HttpMethods.GET,"/gui/:path*",API.VOID,new LocateCode(facade,"Short Access PROD GUI for AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ redirect(trans, req, resp, context,
+ gwAPI.getGUILocator(),
+ "gui/"+pathParam(req,":path"));
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
- gwAPI.route(HttpMethods.GET,"/aaf/:version/:path*",API.VOID,new LocateCode(facade,"Access PROD GUI for AAF", true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- try {
- redirect(trans, req, resp, context,
- gwAPI.getGUILocator(),
- pathParam(req,":path"));
- } catch (LocatorException e) {
- context.error(trans, resp, Result.ERR_BadData, e.getMessage());
- } catch (Exception e) {
- context.error(trans, resp, Result.ERR_General, e.getMessage());
- }
- }
- });
- }
-
- public static void initDefault(final AAF_Locate gwAPI, LocateFacade facade) throws Exception {
+ gwAPI.route(HttpMethods.GET,"/aaf/:version/:path*",API.VOID,new LocateCode(facade,"Access PROD GUI for AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ redirect(trans, req, resp, context,
+ gwAPI.getGUILocator(),
+ pathParam(req,":path"));
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+ }
+
+ public static void initDefault(final AAF_Locate gwAPI, LocateFacade facade) throws Exception {
- /**
- * "login" url
- */
- gwAPI.route(HttpMethods.GET,"/login",API.VOID,new LocateCode(facade,"Access Login GUI for AAF", true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- try {
- redirect(trans, req, resp, context,
- gwAPI.getGUILocator(),
- "login");
- } catch (LocatorException e) {
- context.error(trans, resp, Result.ERR_BadData, e.getMessage());
- } catch (Exception e) {
- context.error(trans, resp, Result.ERR_General, e.getMessage());
- }
- }
- });
+ /**
+ * "login" url
+ */
+ gwAPI.route(HttpMethods.GET,"/login",API.VOID,new LocateCode(facade,"Access Login GUI for AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ redirect(trans, req, resp, context,
+ gwAPI.getGUILocator(),
+ "login");
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
-
- /**
- * Default URL
- */
- gwAPI.route(HttpMethods.GET,"/",API.VOID,new LocateCode(facade,"Access GUI for AAF", true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- try {
- redirect(trans, req, resp, context,
- gwAPI.getGUILocator(),
- "gui/home");
- } catch (Exception e) {
- context.error(trans, resp, Result.ERR_General, e.getMessage());
- }
- }
- });
-
- /**
- * Configuration
- */
- gwAPI.route(HttpMethods.GET,"/configure/:id/:type",API.CONFIG,new LocateCode(facade,"Deliver Configuration Properties to AAF", true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- try {
- Result<Void> r = facade.getConfig(trans, req, resp, pathParam(req, ":id"),pathParam(req,":type"));
- switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.OK_200);
- break;
- default:
- context.error(trans,resp,r);
- }
+
+ /**
+ * Default URL
+ */
+ gwAPI.route(HttpMethods.GET,"/",API.VOID,new LocateCode(facade,"Access GUI for AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ redirect(trans, req, resp, context,
+ gwAPI.getGUILocator(),
+ "gui/home");
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+
+ /**
+ * Configuration
+ */
+ gwAPI.route(HttpMethods.GET,"/configure/:id/:type",API.CONFIG,new LocateCode(facade,"Deliver Configuration Properties to AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ Result<Void> r = facade.getConfig(trans, req, resp, pathParam(req, ":id"),pathParam(req,":type"));
+ switch(r.status) {
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
+ break;
+ default:
+ context.error(trans,resp,r);
+ }
- } catch (Exception e) {
- context.error(trans, resp, Result.ERR_General, e.getMessage());
- }
- }
- });
- }
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+ }
- private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, LocateFacade context, Locator<URI> loc, String path) throws IOException {
- try {
- if(loc.hasItems()) {
- Item item = loc.best();
- URI uri = loc.get(item);
- StringBuilder redirectURL = new StringBuilder(uri.toString());
- redirectURL.append('/');
- redirectURL.append(path);
- String str = req.getQueryString();
- if(str!=null) {
- redirectURL.append('?');
- redirectURL.append(str);
- }
- trans.info().log("Redirect to",redirectURL);
- resp.sendRedirect(redirectURL.toString());
- } else {
- context.error(trans, resp, Result.err(Result.ERR_NotFound,"No Locations found for redirection"));
- }
- } catch (LocatorException e) {
- context.error(trans, resp, Result.err(Result.ERR_NotFound,"No Endpoints found for %s",req.getPathInfo()));
- }
- }
+ private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, LocateFacade context, Locator<URI> loc, String path) throws IOException {
+ try {
+ if(loc.hasItems()) {
+ Item item = loc.best();
+ URI uri = loc.get(item);
+ StringBuilder redirectURL = new StringBuilder(uri.toString());
+ redirectURL.append('/');
+ redirectURL.append(path);
+ String str = req.getQueryString();
+ if(str!=null) {
+ redirectURL.append('?');
+ redirectURL.append(str);
+ }
+ trans.info().log("Redirect to",redirectURL);
+ resp.sendRedirect(redirectURL.toString());
+ } else {
+ context.error(trans, resp, Result.err(Result.ERR_NotFound,"No Locations found for redirection"));
+ }
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.err(Result.ERR_NotFound,"No Endpoints found for %s",req.getPathInfo()));
+ }
+ }
- private static class User {
- public final int code;
- public final String resp;
-
- public User(int code, String resp) {
- this.code = code;
- this.resp = resp;
- }
- }
+ private static class User {
+ public final int code;
+ public final String resp;
+
+ public User(int code, String resp) {
+ this.code = code;
+ this.resp = resp;
+ }
+ }
}
Code Review / aaf / authz.git / blobdiff