import java.util.List;
import org.onap.aaf.cadi.Permission;
+import org.onap.aaf.misc.env.util.Split;
/**
* A Class that understands the AAF format of Permission (name/type/action)
*
*/
public class AAFPermission implements Permission {
- private static final List<String> NO_ROLES;
- protected String type,instance,action,key;
- private List<String> roles;
-
- static {
- NO_ROLES = new ArrayList<String>();
- }
+ private static final List<String> NO_ROLES;
+ protected String ns,type,instance,action,key;
+ private List<String> roles;
+
+ static {
+ NO_ROLES = new ArrayList<>();
+ }
- protected AAFPermission() {roles=NO_ROLES;}
+ protected AAFPermission() {roles=NO_ROLES;}
- public AAFPermission(String type, String instance, String action) {
- this.type = type;
- this.instance = instance;
- this.action = action;
- key = type + '|' + instance + '|' + action;
- this.roles = NO_ROLES;
+ public AAFPermission(String ns, String name, String instance, String action) {
+ this.ns = ns;
+ type = name;
+ this.instance = instance;
+ this.action = action;
+ if (ns==null) {
+ key = type + '|' + instance + '|' + action;
+ } else {
+ key = ns + '|' + type + '|' + instance + '|' + action;
+ }
+ this.roles = NO_ROLES;
- }
- public AAFPermission(String type, String instance, String action, List<String> roles) {
- this.type = type;
- this.instance = instance;
- this.action = action;
- key = type + '|' + instance + '|' + action;
- this.roles = roles==null?NO_ROLES:roles;
- }
-
- /**
- * Match a Permission
- * if Permission is Fielded type "Permission", we use the fields
- * otherwise, we split the Permission with '|'
- *
- * when the type or action starts with REGEX indicator character ( ! ),
- * then it is evaluated as a regular expression.
- *
- * If you want a simple field comparison, it is faster without REGEX
- */
- public boolean match(Permission p) {
- String aafType;
- String aafInstance;
- String aafAction;
- if(p instanceof AAFPermission) {
- AAFPermission ap = (AAFPermission)p;
- // Note: In AAF > 1.0, Accepting "*" from name would violate multi-tenancy
- // Current solution is only allow direct match on Type.
- // 8/28/2014 Jonathan - added REGEX ability
- aafType = ap.getName();
- aafInstance = ap.getInstance();
- aafAction = ap.getAction();
- } else {
- // Permission is concatenated together: separated by |
- String[] aaf = p.getKey().split("[\\s]*\\|[\\s]*",3);
- aafType = aaf[0];
- aafInstance = (aaf.length > 1) ? aaf[1] : "*";
- aafAction = (aaf.length > 2) ? aaf[2] : "*";
- }
- return ((type.equals(aafType)) &&
- (PermEval.evalInstance(instance, aafInstance)) &&
- (PermEval.evalAction(action, aafAction)));
- }
+ }
- public String getName() {
- return type;
- }
-
- public String getInstance() {
- return instance;
- }
-
- public String getAction() {
- return action;
- }
-
- public String getKey() {
- return key;
- }
+ public AAFPermission(String ns, String name, String instance, String action, List<String> roles) {
+ this.ns = ns;
+ type = name;
+ this.instance = instance;
+ this.action = action;
+ if (ns==null) {
+ key = type + '|' + instance + '|' + action;
+ } else {
+ key = ns + '|' + type + '|' + instance + '|' + action;
+ }
+ this.roles = roles==null?NO_ROLES:roles;
+ }
+
+ /**
+ * Match a Permission
+ * if Permission is Fielded type "Permission", we use the fields
+ * otherwise, we split the Permission with '|'
+ *
+ * when the type or action starts with REGEX indicator character ( ! ),
+ * then it is evaluated as a regular expression.
+ *
+ * If you want a simple field comparison, it is faster without REGEX
+ */
+ public boolean match(Permission p) {
+ if(p==null) {
+ return false;
+ }
+ String aafNS;
+ String aafType;
+ String aafInstance;
+ String aafAction;
+ if (p instanceof AAFPermission) {
+ AAFPermission ap = (AAFPermission)p;
+ // Note: In AAF > 1.0, Accepting "*" from name would violate multi-tenancy
+ // Current solution is only allow direct match on Type.
+ // 8/28/2014 Jonathan - added REGEX ability
+ aafNS = ap.getNS();
+ aafType = ap.getType();
+ aafInstance = ap.getInstance();
+ aafAction = ap.getAction();
+ } else {
+ // Permission is concatenated together: separated by
+ String[] aaf = Split.splitTrim('|', p.getKey());
+ switch(aaf.length) {
+ case 1:
+ aafNS = aaf[0];
+ aafType="";
+ aafInstance = aafAction = "*";
+ break;
+ case 2:
+ aafNS = aaf[0];
+ aafType = aaf[1];
+ aafInstance = aafAction = "*";
+ break;
+ case 3:
+ aafNS = aaf[0];
+ aafType = aaf[1];
+ aafInstance = aaf[2];
+ aafAction = "*";
+ break;
+ default:
+ aafNS = aaf[0];
+ aafType = aaf[1];
+ aafInstance = aaf[2];
+ aafAction = aaf[3];
+ break;
+ }
+ }
+ boolean typeMatches;
+ if (aafNS==null) {
+ if (ns==null) {
+ typeMatches = aafType.equals(type);
+ } else {
+ typeMatches = aafType.equals(ns+'.'+type);
+ }
+ } else if (ns==null) {
+ typeMatches = type.equals(aafNS+'.'+aafType);
+ } else if (aafNS.length() == ns.length()) {
+ typeMatches = aafNS.equals(ns) && aafType.equals(type);
+ } else { // Allow for restructuring of NS/Perm structure
+ typeMatches = (aafNS+'.'+aafType).equals(ns+'.'+type);
+ }
+ return (typeMatches &&
+ PermEval.evalInstance(instance, aafInstance) &&
+ PermEval.evalAction(action, aafAction));
+ }
- /* (non-Javadoc)
- * @see org.onap.aaf.cadi.Permission#permType()
- */
- public String permType() {
- return "AAF";
- }
+ public String getNS() {
+ return ns;
+ }
- public List<String> roles() {
- return roles;
- }
- public String toString() {
- return "AAFPermission:\n\tType: " + type +
- "\n\tInstance: " + instance +
- "\n\tAction: " + action +
- "\n\tKey: " + key;
- }
+ public String getType() {
+ return type;
+ }
+
+ public String getFullType() {
+ return ns + '.' + type;
+ }
+
+ public String getInstance() {
+ return instance;
+ }
+
+ public String getAction() {
+ return action;
+ }
+
+ public String getKey() {
+ return key;
+ }
+
+ /* (non-Javadoc)
+ * @see org.onap.aaf.cadi.Permission#permType()
+ */
+ public String permType() {
+ return "AAF";
+ }
+
+ public List<String> roles() {
+ return roles;
+ }
+ public String toString() {
+ return "AAFPermission:" +
+ "\n\tNS: " + ns +
+ "\n\tType: " + type +
+ "\n\tInstance: " + instance +
+ "\n\tAction: " + action +
+ "\n\tKey: " + key;
+ }
}
Code Review / aaf / authz.git / blobdiff