Create and prepare non-deploy release 2.7.1
[aaf/authz.git] / cadi / aaf / src / main / java / org / onap / aaf / cadi / aaf / v2_0 / AAFLurPerm.java
index b1c600a..01a540b 100644 (file)
@@ -7,9 +7,9 @@
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  *      http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -38,11 +38,11 @@ import org.onap.aaf.cadi.Permission;
 import org.onap.aaf.cadi.User;
 import org.onap.aaf.cadi.aaf.AAFPermission;
 import org.onap.aaf.cadi.client.Future;
-import org.onap.aaf.cadi.client.Holder;
 import org.onap.aaf.cadi.client.Rcli;
 import org.onap.aaf.cadi.client.Retryable;
 import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.lur.LocalPermission;
+import org.onap.aaf.cadi.util.Holder;
 import org.onap.aaf.cadi.util.Timing;
 import org.onap.aaf.misc.env.APIException;
 import org.onap.aaf.misc.env.util.Split;
@@ -52,26 +52,26 @@ import aaf.v2_0.Perms;
 
 /**
  * Use AAF Service as Permission Service.
- * 
+ *
  * This Lur goes after AAF Permissions, which are elements of Roles, not the Roles themselves.
- * 
+ *
  * If you want a simple Role Lur, use AAFRoleLur
- * 
+ *
  * @author Jonathan
  *
  */
 public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
-    private static final String ORG_OSAAF_CADI_OAUTH_O_AUTH2_LUR = "org.osaaf.cadi.oauth.OAuth2Lur";
+    private static final String ORG_ONAP_AAF_CADI_OAUTH_OAUTH_2_LUR = "org.onap.aaf.cadi.oauth.OAuth2Lur";
 
     /**
      *  Need to be able to transmutate a Principal into either Person or AppID, which are the only ones accepted at this
-     *  point by AAF.  There is no "domain", aka, no "@att.com" in "ab1234@att.com".  
-     *  
+     *  point by AAF.  There is no "domain", aka, no "@att.com" in "ab1234@att.com".
+     *
      *  The only thing that matters here for AAF is that we don't waste calls with IDs that obviously aren't valid.
      *  Thus, we validate that the ID portion follows the rules before we waste time accessing AAF remotely
-     * @throws APIException 
-     * @throws URISyntaxException 
-     * @throws DME2Exception 
+     * @throws APIException
+     * @throws URISyntaxException
+     * @throws DME2Exception
      */
     // Package on purpose
     AAFLurPerm(AAFCon<?> con) throws CadiException, APIException {
@@ -84,17 +84,17 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
         super(con,auc);
         attachOAuth2(con);
     }
-    
+
     private void attachOAuth2(AAFCon<?> con) throws APIException {
         String oauth2_url;
-        Class<?> tmcls = Config.loadClass(access,"org.osaaf.cadi.oauth.TokenMgr");
-        if(tmcls!=null) {
-            if((oauth2_url = con.access.getProperty(Config.CADI_OAUTH2_URL,null))!=null) {
+        Class<?> tmcls = Config.loadClass(access,"org.onap.aaf.cadi.oauth.TokenMgr");
+        if (tmcls!=null) {
+            if ((oauth2_url = con.access.getProperty(Config.CADI_OAUTH2_URL,null))!=null) {
                 try {
                     Constructor<?> tmconst = tmcls.getConstructor(AAFCon.class,String.class);
                     Object tokMangr = tmconst.newInstance(con,oauth2_url);
                     @SuppressWarnings("unchecked")
-                    Class<Lur> oa2cls = (Class<Lur>)Config.loadClass(access,ORG_OSAAF_CADI_OAUTH_O_AUTH2_LUR);
+                    Class<Lur> oa2cls = (Class<Lur>)Config.loadClass(access, ORG_ONAP_AAF_CADI_OAUTH_OAUTH_2_LUR);
                     Constructor<Lur> oa2const = oa2cls.getConstructor(tmcls);
                     Lur oa2 = oa2const.newInstance(tokMangr);
                     setPreemptiveLur(oa2);
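Review bot: `oa2cls` is dereferenced on the `oa2cls.getConstructor(tmcls)` line without a null check, although the `tmcls!=null` test just above suggests `Config.loadClass` returns null when a class is missing. After this package rename, a deployment that has the TokenMgr class but not `org.onap.aaf.cadi.oauth.OAuth2Lur` would presumably throw a NullPointerException here; whether the catch clauses cover it cannot be seen, because the try block continues past the hunk. A guard such as `if (oa2cls == null || !Lur.class.isAssignableFrom(oa2cls))` before the constructor lookup, with a log line saying the OAuth2 Lur was not attached, would also back up the unchecked cast. The TokenMgr name is still an inline literal while the Lur name is a constant; hoisting both into constants keeps the two reflective names together for the next rename.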
@@ -113,18 +113,23 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
         final Holder<Float> remote = new Holder<Float>(0f);
 
         final boolean[] success = new boolean[]{false};
-        
+
         try {
             return aaf.best(new Retryable<User<AAFPermission>>() {
                 @Override
                 public User<AAFPermission> code(Rcli<?> client) throws CadiException, ConnectException, APIException {
                     final long remoteStart = System.nanoTime();
-                    Future<Perms> fp = client.read("/authz/perms/user/"+name,aaf.permsDF);
-                    
+                    StringBuilder sb = new StringBuilder("/authz/perms/user/");
+                    sb.append(name);
+                    if(details) {
+                        sb.append("?force");
+                    }
+                    Future<Perms> fp = client.read(sb.toString(),aaf.permsDF);
+
                     // In the meantime, lookup User, create if necessary
                     User<AAFPermission> user = getUser(principal);
                     Principal p;
-                    if(user!=null && user.principal == null) {
+                    if (user!=null && user.principal == null) {
                         p = new Principal() {// Create a holder for lookups
                             private String n = name;
                             public String getName() {
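Review bot: `name` is appended to the request path unescaped in `sb.append(name)`, and with the new `?force` suffix a name containing `?`, `#` or `/` would change how the service parses the path and query. The constructor Javadoc earlier in the file says the ID is validated before AAF is called, but that check is not visible in this hunk, so either confirm it rejects those characters or percent-encode the segment before appending. `details` is not declared in the visible lines, and a short comment stating what `?force` makes the service do would explain why the query is added. The new `if(details)` also misses the `if (` spacing this commit applies everywhere else. The body of `code` continues past the hunk.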
@@ -134,21 +139,21 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
                     } else {
                         p = principal;
                     }
-                    
-                    if(user==null) {
+
+                    if (user==null) {
                         addUser(user = new User<AAFPermission>(p,aaf.userExpires)); // no password
                     }
-                    
+
                     // OK, done all we can, now get content
                     boolean ok = fp.get(aaf.timeout);
                     remote.set(Timing.millis(remoteStart));
-                    if(ok) {
+                    if (ok) {
                         success[0]=true;
                         Map<String, Permission> newMap = user.newMap();
                         boolean willLog = aaf.access.willLog(Level.DEBUG);
-                        for(Perm perm : fp.value.getPerm()) {
+                        for (Perm perm : fp.value.getPerm()) {
                             user.add(newMap,new AAFPermission(perm.getNs(),perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
-                            if(willLog) {
+                            if (willLog) {
                                 aaf.access.log(Level.DEBUG, name,"has '",perm.getType(),'|',perm.getInstance(),'|',perm.getAction(),'\'');
                             }
                         }
@@ -190,21 +195,21 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
                 @Override
                 public Resp code(Rcli<?> client) throws CadiException, ConnectException, APIException {
                     final long remoteStart = System.nanoTime();
-                    Future<Perms> fp = aaf.client(Config.AAF_DEFAULT_VERSION).read(
+                    Future<Perms> fp = aaf.client().read(
                             "/authz/perms/user/"+name,
                             aaf.permsDF
                             );
-                    
+
                     // OK, done all we can, now get content
                     boolean ok = fp.get(aaf.timeout);
                     remote.set(Timing.millis(remoteStart));
-                    if(ok) {
+                    if (ok) {
                         success.set(true);
-                        Map<String,Permission> newMap = user.newMap(); 
+                        Map<String,Permission> newMap = user.newMap();
                         boolean willLog = aaf.access.willLog(Level.DEBUG);
-                        for(Perm perm : fp.value.getPerm()) {
+                        for (Perm perm : fp.value.getPerm()) {
                             user.add(newMap, new AAFPermission(perm.getNs(),perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
-                            if(willLog) {
+                            if (willLog) {
                                 aaf.access.log(Level.DEBUG, name,"has",perm.getType(),perm.getInstance(),perm.getAction());
                             }
                         }
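Review bot: The `client` argument of `code(Rcli<?> client)` is ignored here; the read goes through `aaf.client()` instead, whereas the first lookup in this file calls `client.read(...)`. If the surrounding call hands `code` the client it selected for this attempt (that call is outside the hunk), bypassing it means a retry may not reach the intended endpoint; `Future<Perms> fp = client.read(` would keep the two paths consistent. This path also builds the URL as `"/authz/perms/user/"+name` with no escaping and without the `?force` handling added to the other lookup, so it is worth confirming that the difference is intentional.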
@@ -253,5 +258,5 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
                 return new LocalPermission(p);
         }
     }
-    
+
 }