* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
si.defSS=x509Alias(alias);
set(si.defSS);
} else {
-
+
String encpass = access.getProperty(Config.AAF_APPPASS, null);
if (encpass==null) {
encpass = access.getProperty(Config.OAUTH_CLIENT_SECRET,null);
}
-
+
if (encpass==null) {
if (alias==null) {
access.printf(Access.Level.WARN,"%s, %s or %s required before use.", Config.CADI_ALIAS, Config.AAF_APPID, Config.OAUTH_CLIENT_ID);
set(si.defSS);
} else {
si.defSS=new SecuritySetter<CLIENT>() {
-
+
@Override
public String getID() {
return "";
}
-
+
@Override
public void setSecurity(CLIENT client) throws CadiException {
throw new CadiException("AAFCon has not been initialized with Credentials (SecuritySetter)");
}
-
+
@Override
public int setLastResponse(int respCode) {
return 0;
}
}
}
-
+
timeout = Integer.parseInt(access.getProperty(Config.AAF_CALL_TIMEOUT, Config.AAF_CALL_TIMEOUT_DEF));
cleanInterval = Integer.parseInt(access.getProperty(Config.AAF_CLEAN_INTERVAL, Config.AAF_CLEAN_INTERVAL_DEF));
highCount = Integer.parseInt(access.getProperty(Config.AAF_HIGH_COUNT, Config.AAF_HIGH_COUNT_DEF).trim());
connTimeout = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF).trim());
userExpires = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim());
usageRefreshTriggerCount = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim())-1; // zero based
-
+
app=FQI.reverseDomain(si.defSS.getID());
//TODO Get Realm from AAF
realm="people.osaaf.org";
-
+
env = new RosettaEnv();
permsDF = env.newDataFactory(Perms.class);
usersDF = env.newDataFactory(Users.class);
public final String aafVersion() {
return apiVersion;
}
-
+
/**
* Use this call to get the appropriate client based on configuration (HTTP, future)
* using default AAF API Version
- *
+ *
* @param apiVersion
* @return
* @throws CadiException
*/
public Rcli<CLIENT> client() throws CadiException {
return client(apiVersion);
- }
+ }
/**
* Use this call to get the appropriate client based on configuration (HTTP, future)
- *
+ *
* @param apiVersion
* @return
* @throws CadiException
client.apiVersion(apiVersion)
.readTimeout(connTimeout);
clients.put(apiVersion, client);
- }
+ }
return client;
}
public Rcli<CLIENT> client(URI uri) throws CadiException {
return rclient(uri,si.defSS).readTimeout(connTimeout);
}
-
+
/**
* Use this API when you have permission to have your call act as the end client's ID.
- *
+ *
* Your calls will get 403 errors if you do not have this permission. it is a special setup, rarely given.
- *
+ *
* @param apiVersion
* @param req
* @return
public Rcli<CLIENT> clientAs(TaggedPrincipal p) throws CadiException {
return clientAs(apiVersion,p);
}
-
+
/**
* Use this API when you have permission to have your call act as the end client's ID.
- *
+ *
* Your calls will get 403 errors if you do not have this permission. it is a special setup, rarely given.
- *
+ *
* @param apiVersion
* @param req
* @return
return cl.forUser(transferSS(p));
}
-
+
public RosettaEnv env() {
return env;
}
-
+
/**
* Return the backing AAFCon, if there is a Lur Setup that is AAF.
- *
+ *
* If there is no AAFLur setup, it will return "null"
* @param servletRequest
* @return
}
return null;
}
-
+
public abstract AAFCon<CLIENT> clone(String url) throws CadiException, LocatorException;
-
+
public AAFAuthn<CLIENT> newAuthn() throws APIException {
try {
return new AAFAuthn<>(this);
throw new CadiException(e);
}
}
-
+
public AAFLurPerm newLur(AbsUserCache<AAFPermission> c) throws APIException {
try {
return new AAFLurPerm(this,c);
}
protected abstract Rcli<CLIENT> rclient(URI uri, SecuritySetter<CLIENT> ss) throws CadiException;
-
+
public abstract Rcli<CLIENT> rclient(Locator<URI> loc, SecuritySetter<CLIENT> ss) throws CadiException;
public Rcli<CLIENT> client(Locator<URI> locator) throws CadiException {
return rclient(locator,si.defSS);
}
-
+
public abstract<RET> RET best(Retryable<RET> retryable) throws LocatorException, CadiException, APIException;
public abstract<RET> RET bestForUser(GetSetter get, Retryable<RET> retryable) throws LocatorException, CadiException, APIException;
public abstract SecuritySetter<CLIENT> basicAuth(String user, String password) throws CadiException;
-
+
public abstract SecuritySetter<CLIENT> transferSS(TaggedPrincipal principal) throws CadiException;
-
+
public abstract SecuritySetter<CLIENT> basicAuthSS(BasicPrincipal principal) throws CadiException;
-
+
public abstract SecuritySetter<CLIENT> tokenSS(final String client_id, final String accessToken) throws CadiException;
-
+
public abstract SecuritySetter<CLIENT> x509Alias(String alias) throws APIException, CadiException;
-
+
public String getRealm() {
return realm;
}
-
+
/**
* This interface allows the AAFCon, even though generic, to pass in correctly typed values based on the above SS commands.
* @author Jonathan
}
return ss;
}
-
+
public SecurityInfoC<CLIENT> securityInfo() {
return si;
}
}
return "unknown";
}
-
+
public void invalidate() throws CadiException {
for (Rcli<CLIENT> client : clients.values()) {
client.invalidate();
}
return text;
}
-
+
public static AAFCon<?> newInstance(PropAccess pa) throws CadiException, LocatorException {
// Potentially add plugin for other kinds of Access
return new AAFConHttp(pa);
Code Review / aaf / authz.git / blobdiff