import org.onap.aaf.misc.env.util.Split;
public class OLur extends AbsOTafLur implements Lur {
- public OLur(PropAccess access, final String token_url, final String introspect_url) throws APIException, CadiException {
- super(access, token_url, introspect_url);
- }
+ public OLur(PropAccess access, final String token_url, final String introspect_url) throws APIException, CadiException {
+ super(access, token_url, introspect_url);
+ }
- /* (non-Javadoc)
- * @see org.onap.aaf.cadi.Lur#fish(java.security.Principal, org.onap.aaf.cadi.Permission)
- */
- @Override
- public boolean fish(Principal bait, Permission ... pond) {
- TokenPerm tp;
- if(bait instanceof OAuth2Principal) {
- OAuth2Principal oa2p = (OAuth2Principal)bait;
- tp = oa2p.tokenPerm();
- } else {
- tp=null;
- }
- if(tp==null) {
- // if no Token Perm preset, get
- try {
- Pooled<TokenClient> tcp = tokenClientPool.get();
- try {
- TokenClient tc = tcp.content;
- tc.username(bait.getName());
- Set<String> scopeSet = new HashSet<>();
- scopeSet.add(tc.defaultScope());
- AAFPermission ap;
- for (Permission p : pond) {
- if(p instanceof AAFPermission) {
- ap = (AAFPermission)p;
- scopeSet.add(ap.getNS());
- }
- }
- String[] scopes = new String[scopeSet.size()];
- scopeSet.toArray(scopes);
-
- Result<TimedToken> rtt = tc.getToken(Kind.getKind(bait),scopes);
- if(rtt.isOK()) {
- Result<TokenPerm> rtp = tkMgr.get(rtt.value.getAccessToken(), bait.getName().getBytes());
- if(rtp.isOK()) {
- tp = rtp.value;
- }
- }
- } finally {
- tcp.done();
- }
- } catch (APIException | LocatorException | CadiException e) {
- access.log(e, "Unable to Get a Token");
- }
- }
-
- boolean rv = false;
- if(tp!=null) {
- if(tkMgr.access.willLog(Level.DEBUG)) {
- StringBuilder sb = new StringBuilder("AAF Permissions for user ");
- sb.append(bait.getName());
- sb.append(", from token ");
- sb.append(tp.get().getAccessToken());
- for (AAFPermission p : tp.perms()) {
- sb.append("\n\t[");
- sb.append(p.getNS());
- sb.append(']');
- sb.append(p.getType());
- sb.append('|');
- sb.append(p.getInstance());
- sb.append('|');
- sb.append(p.getAction());
- }
- sb.append('\n');
- access.log(Level.DEBUG, sb);
- }
- for (Permission p : pond) {
- if(rv) {
- break;
- }
- for (AAFPermission perm : tp.perms()) {
- if (rv=perm.match(p)) {
- break;
- }
- }
- }
- }
- return rv;
- }
+ /* (non-Javadoc)
+ * @see org.onap.aaf.cadi.Lur#fish(java.security.Principal, org.onap.aaf.cadi.Permission)
+ */
+ @Override
+ public boolean fish(Principal bait, Permission ... pond) {
+ TokenPerm tp;
+ if(bait instanceof OAuth2Principal) {
+ OAuth2Principal oa2p = (OAuth2Principal)bait;
+ tp = oa2p.tokenPerm();
+ } else {
+ tp=null;
+ }
+ if(tp==null) {
+ // if no Token Perm preset, get
+ try {
+ Pooled<TokenClient> tcp = tokenClientPool.get();
+ try {
+ TokenClient tc = tcp.content;
+ tc.username(bait.getName());
+ Set<String> scopeSet = new HashSet<>();
+ scopeSet.add(tc.defaultScope());
+ AAFPermission ap;
+ for (Permission p : pond) {
+ if(p instanceof AAFPermission) {
+ ap = (AAFPermission)p;
+ scopeSet.add(ap.getNS());
+ }
+ }
+ String[] scopes = new String[scopeSet.size()];
+ scopeSet.toArray(scopes);
+
+ Result<TimedToken> rtt = tc.getToken(Kind.getKind(bait),scopes);
+ if(rtt.isOK()) {
+ Result<TokenPerm> rtp = tkMgr.get(rtt.value.getAccessToken(), bait.getName().getBytes());
+ if(rtp.isOK()) {
+ tp = rtp.value;
+ }
+ }
+ } finally {
+ tcp.done();
+ }
+ } catch (APIException | LocatorException | CadiException e) {
+ access.log(e, "Unable to Get a Token");
+ }
+ }
+
+ boolean rv = false;
+ if(tp!=null) {
+ if(tkMgr.access.willLog(Level.DEBUG)) {
+ StringBuilder sb = new StringBuilder("AAF Permissions for user ");
+ sb.append(bait.getName());
+ sb.append(", from token ");
+ sb.append(tp.get().getAccessToken());
+ for (AAFPermission p : tp.perms()) {
+ sb.append("\n\t[");
+ sb.append(p.getNS());
+ sb.append(']');
+ sb.append(p.getType());
+ sb.append('|');
+ sb.append(p.getInstance());
+ sb.append('|');
+ sb.append(p.getAction());
+ }
+ sb.append('\n');
+ access.log(Level.DEBUG, sb);
+ }
+ for (Permission p : pond) {
+ if(rv) {
+ break;
+ }
+ for (AAFPermission perm : tp.perms()) {
+ if (rv=perm.match(p)) {
+ break;
+ }
+ }
+ }
+ }
+ return rv;
+ }
- /* (non-Javadoc)
- * @see org.onap.aaf.cadi.Lur#fishAll(java.security.Principal, java.util.List)
- */
- @Override
-
public void fishAll(Principal bait, List<Permission> permissions) {
- if(bait instanceof OAuth2Principal) {
- for (AAFPermission p : ((OAuth2Principal)bait).tokenPerm().perms()) {
- permissions.add(p);
- }
- }
- }
+ /* (non-Javadoc)
+ * @see org.onap.aaf.cadi.Lur#fishAll(java.security.Principal, java.util.List)
+ */
+ @Override
+ public void fishAll(Principal bait, List<Permission> permissions) {
+ if(bait instanceof OAuth2Principal) {
+ for (AAFPermission p : ((OAuth2Principal)bait).tokenPerm().perms()) {
+ permissions.add(p);
+ }
+ }
+ }
- /* (non-Javadoc)
- * @see org.onap.aaf.cadi.Lur#handlesExclusively(org.onap.aaf.cadi.Permission)
- */
- @Override
- public boolean handlesExclusively(Permission ... pond) {
- return false;
- }
+ /* (non-Javadoc)
+ * @see org.onap.aaf.cadi.Lur#handlesExclusively(org.onap.aaf.cadi.Permission)
+ */
+ @Override
+ public boolean handlesExclusively(Permission ... pond) {
+ return false;
+ }
- /* (non-Javadoc)
- * @see org.onap.aaf.cadi.Lur#handles(java.security.Principal)
- */
- @Override
- public boolean handles(Principal principal) {
- return principal instanceof OAuth2Principal;
- }
+ /* (non-Javadoc)
+ * @see org.onap.aaf.cadi.Lur#handles(java.security.Principal)
+ */
+ @Override
+ public boolean handles(Principal principal) {
+ return principal instanceof OAuth2Principal;
+ }
- /* (non-Javadoc)
- * @see org.onap.aaf.cadi.Lur#createPerm(java.lang.String)
- */
- @Override
- public Permission createPerm(final String p) {
- String[] s = Split.split('|',p);
- switch(s.length) {
- case 3:
- return new AAFPermission(null, s[0],s[1],s[2]);
- case 4:
- return new AAFPermission(s[0],s[1],s[2],s[3]);
- default:
- return new LocalPermission(p);
- }
- }
+ /* (non-Javadoc)
+ * @see org.onap.aaf.cadi.Lur#createPerm(java.lang.String)
+ */
+ @Override
+ public Permission createPerm(final String p) {
+ String[] s = Split.split('|',p);
+ switch(s.length) {
+ case 3:
+ return new AAFPermission(null, s[0],s[1],s[2]);
+ case 4:
+ return new AAFPermission(s[0],s[1],s[2],s[3]);
+ default:
+ return new LocalPermission(p);
+ }
+ }
}
Code Review / aaf / authz.git / blobdiff