import java.util.List;
import org.onap.aaf.cadi.AbsUserCache;
+import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.CachedPrincipal;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.User;
import org.onap.aaf.cadi.aaf.AAFPermission;
import org.onap.aaf.cadi.client.Future;
import org.onap.aaf.cadi.client.Rcli;
+import org.onap.aaf.cadi.locator.SingleEndpointLocator;
import org.onap.aaf.cadi.lur.ConfigPrincipal;
import aaf.v2_0.CredRequest;
}
}
- AAFCachedPrincipal cp = new AAFCachedPrincipal(user, bytes, con.cleanInterval);
+ AAFCachedPrincipal cp = new AAFCachedPrincipal(user, bytes, con.userExpires);
// Since I've relocated the Validation piece in the Principal, just revalidate, then do Switch
// Statement
switch(cp.revalidate(state)) {
if (usr!=null) {
usr.principal = cp;
} else {
- addUser(new User<AAFPermission>(cp,con.timeout));
+ addUser(new User<AAFPermission>(cp,con.userExpires));
}
return null;
case INACCESSIBLE:
return "AAF Inaccessible";
case UNVALIDATED:
- addUser(new User<AAFPermission>(user,bytes,con.timeout));
+ addUser(new User<AAFPermission>(user,bytes,con.userExpires));
return "user/pass combo invalid for " + user;
case DENIED:
return "AAF denies API for " + user;
}
public Resp revalidate(Object state) {
+ int maxRetries = 15;
+ try { // these SHOULD be an AAFConHttp and a AAFLocator or SingleEndpointLocator objects, but put in a try to be safe
+ AAFConHttp forceCastCon = (AAFConHttp) con;
+ if (forceCastCon.hman().loc instanceof SingleEndpointLocator) {
+ maxRetries = 1; // we cannot retry the single LGW gateway!
+ } else {
+ AAFLocator forceCastLoc = (AAFLocator) forceCastCon.hman().loc;
+ maxRetries = forceCastLoc.maxIters();
+ }
+ } catch (Exception e) {
+ access.log(Access.Level.DEBUG, e);
+ }
List<URI> attemptedUris = new ArrayList<>();
URI thisUri = null;
for (int retries = 0;; retries++) {
try {
Miss missed = missed(getName(), getCred());
if (missed == null || missed.mayContinue()) {
- CredRequest cr = new CredRequest();
- cr.setId(getName());
- cr.setPassword(new String(getCred()));
- Rcli<CLIENT> client = con.clientIgnoreAlreadyAttempted(attemptedUris);
+ Rcli<CLIENT> client = con.clientIgnoreAlreadyAttempted(attemptedUris).forUser(con.basicAuth(getName(), new String(getCred())));
thisUri = client.getURI();
- Future<String> fp = client.readPost("/authn/validate", con.credReqDF, cr);
- //Rcli<CLIENT> client = con.client().forUser(con.basicAuth(getName(), new String(getCred())));
- //Future<String> fp = client.read(
- // "/authn/basicAuth",
- // "text/plain"
- // );
+ Future<String> fp = client.read(
+ "/authn/basicAuth",
+ "text/plain"
+ );
if (fp.get(con.timeout)) {
expires = System.currentTimeMillis() + timeToLive;
- addUser(new User<AAFPermission>(this, expires));
+ addUser(new User<AAFPermission>(this, timeToLive));
return Resp.REVALIDATED;
} else {
addMiss(getName(), getCred());
attemptedUris.add(thisUri);
}
con.access.log(e);
- if (retries > 2) {
+ if (retries > maxRetries) {
return Resp.INACCESSIBLE;
}
}