X-Git-Url: https://gerrit.onap.org/r/gitweb?p=aaf%2Fauthz.git;a=blobdiff_plain;f=cadi%2Faaf%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Faaf%2Fv2_0%2FAAFLurPerm.java;h=01a540b40b06940ee27c38fc0d8973f8e77149a3;hp=b1c600a08fb0869485791db48f9aa169047d1ee6;hb=55789c5859aff784f6b3cb45e17375c5be1c4cf3;hpb=4b5a7d721d994a49057e9bfb403c7bff1b376660 diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java index b1c600a0..01a540b4 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -38,11 +38,11 @@ import org.onap.aaf.cadi.Permission; import org.onap.aaf.cadi.User; import org.onap.aaf.cadi.aaf.AAFPermission; import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Holder; import org.onap.aaf.cadi.client.Rcli; import org.onap.aaf.cadi.client.Retryable; import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.lur.LocalPermission; +import org.onap.aaf.cadi.util.Holder; import org.onap.aaf.cadi.util.Timing; import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.util.Split; 
@@ -52,26 +52,26 @@ import aaf.v2_0.Perms; /** * Use AAF Service as Permission Service. - * + * * This Lur goes after AAF Permissions, which are elements of Roles, not the Roles themselves. - * + * * If you want a simple Role Lur, use AAFRoleLur - * + * * @author Jonathan * */ public class AAFLurPerm extends AbsAAFLur { - private static final String ORG_OSAAF_CADI_OAUTH_O_AUTH2_LUR = "org.osaaf.cadi.oauth.OAuth2Lur"; + private static final String ORG_ONAP_AAF_CADI_OAUTH_OAUTH_2_LUR = "org.onap.aaf.cadi.oauth.OAuth2Lur"; /** * Need to be able to transmutate a Principal into either Person or AppID, which are the only ones accepted at this - * point by AAF. There is no "domain", aka, no "@att.com" in "ab1234@att.com". - * + * point by AAF. There is no "domain", aka, no "@att.com" in "ab1234@att.com". + * * The only thing that matters here for AAF is that we don't waste calls with IDs that obviously aren't valid. * Thus, we validate that the ID portion follows the rules before we waste time accessing AAF remotely - * @throws APIException - * @throws URISyntaxException - * @throws DME2Exception + * @throws APIException + * @throws URISyntaxException + * @throws DME2Exception */ // Package on purpose AAFLurPerm(AAFCon con) throws CadiException, APIException { 
@@ -84,17 +84,17 @@ public class AAFLurPerm extends AbsAAFLur { super(con,auc); attachOAuth2(con); } - + private void attachOAuth2(AAFCon con) throws APIException { String oauth2_url; - Class tmcls = Config.loadClass(access,"org.osaaf.cadi.oauth.TokenMgr"); - if(tmcls!=null) { - if((oauth2_url = con.access.getProperty(Config.CADI_OAUTH2_URL,null))!=null) { + Class tmcls = Config.loadClass(access,"org.onap.aaf.cadi.oauth.TokenMgr"); + if (tmcls!=null) { + if ((oauth2_url = con.access.getProperty(Config.CADI_OAUTH2_URL,null))!=null) { try { Constructor tmconst = tmcls.getConstructor(AAFCon.class,String.class); Object tokMangr = tmconst.newInstance(con,oauth2_url); @SuppressWarnings("unchecked") - Class oa2cls = (Class)Config.loadClass(access,ORG_OSAAF_CADI_OAUTH_O_AUTH2_LUR); + Class oa2cls = (Class)Config.loadClass(access, ORG_ONAP_AAF_CADI_OAUTH_OAUTH_2_LUR); Constructor oa2const = oa2cls.getConstructor(tmcls); Lur oa2 = oa2const.newInstance(tokMangr); setPreemptiveLur(oa2); @@ -113,18 +113,23 @@ public class AAFLurPerm extends AbsAAFLur { final Holder remote = new Holder(0f); final boolean[] success = new boolean[]{false}; - + try { return aaf.best(new Retryable>() { @Override public User code(Rcli client) throws CadiException, ConnectException, APIException { final long remoteStart = System.nanoTime(); - Future fp = client.read("/authz/perms/user/"+name,aaf.permsDF); - + StringBuilder sb = new StringBuilder("/authz/perms/user/"); + sb.append(name); + if(details) { + sb.append("?force"); + } + Future fp = client.read(sb.toString(),aaf.permsDF); + // In the meantime, lookup User, create if necessary User user = getUser(principal); Principal p; - if(user!=null && user.principal == null) { + if (user!=null && user.principal == null) { p = new Principal() {// Create a holder for lookups private String n = name; public String getName() { 
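Review bot: In `attachOAuth2`, when `Config.loadClass` returns null for the renamed `org.onap.aaf.cadi.oauth.TokenMgr`, the visible code skips the OAuth2 Lur without logging anything. After the package rename, a deployment that still ships only the old `org.osaaf` classes would presumably run without the preemptive OAuth2 Lur and give no hint why. I would add an else branch such as `access.log(Level.WARN, "OAuth2 TokenMgr not found on classpath; OAuth2 Lur not attached");`. For consistency with the Lur name, the literal could also move to a constant, `private static final String ORG_ONAP_AAF_CADI_OAUTH_TOKEN_MGR = "org.onap.aaf.cadi.oauth.TokenMgr";`. The try/catch of this method continues outside the hunk, so existing error handling there is not visible.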
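Review bot: `sb.append(name)` places the principal name into the request path unencoded, so a name containing `/`, `?` or `#` would change the path or query that the permission service receives. With the new `?force` suffix, a name that already holds a `?` would also produce a malformed query. The class comment says the ID is validated before the remote call, but that check is not in this hunk; if it does not exclude these characters, reject them before building the URL, and in any case document the assumption with `// name is used as a URL path segment: must not contain '/', '?' or '#'`. The same concatenation appears in the `aaf.client().read("/authz/perms/user/"+name, ...)` hunk further down. As a style point, the added `if(details)` lacks the space that the rest of this commit normalises to `if (`.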
@@ -134,21 +139,21 @@ public class AAFLurPerm extends AbsAAFLur { } else { p = principal; } - - if(user==null) { + + if (user==null) { addUser(user = new User(p,aaf.userExpires)); // no password } - + // OK, done all we can, now get content boolean ok = fp.get(aaf.timeout); remote.set(Timing.millis(remoteStart)); - if(ok) { + if (ok) { success[0]=true; Map newMap = user.newMap(); boolean willLog = aaf.access.willLog(Level.DEBUG); - for(Perm perm : fp.value.getPerm()) { + for (Perm perm : fp.value.getPerm()) { user.add(newMap,new AAFPermission(perm.getNs(),perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles())); - if(willLog) { + if (willLog) { aaf.access.log(Level.DEBUG, name,"has '",perm.getType(),'|',perm.getInstance(),'|',perm.getAction(),'\''); } } @@ -190,21 +195,21 @@ public class AAFLurPerm extends AbsAAFLur { @Override public Resp code(Rcli client) throws CadiException, ConnectException, APIException { final long remoteStart = System.nanoTime(); - Future fp = aaf.client(Config.AAF_DEFAULT_VERSION).read( + Future fp = aaf.client().read( "/authz/perms/user/"+name, aaf.permsDF ); - + // OK, done all we can, now get content boolean ok = fp.get(aaf.timeout); remote.set(Timing.millis(remoteStart)); - if(ok) { + if (ok) { success.set(true); - Map newMap = user.newMap(); + Map newMap = user.newMap(); boolean willLog = aaf.access.willLog(Level.DEBUG); - for(Perm perm : fp.value.getPerm()) { + for (Perm perm : fp.value.getPerm()) { user.add(newMap, new AAFPermission(perm.getNs(),perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles())); - if(willLog) { + if (willLog) { aaf.access.log(Level.DEBUG, name,"has",perm.getType(),perm.getInstance(),perm.getAction()); } } @@ -253,5 +258,5 @@ public class AAFLurPerm extends AbsAAFLur { return new LocalPermission(p); } } - + }
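Review bot: In the hunk at `-190,21 +195,21`, `code(Rcli client)` ignores the `client` it is handed and reads through `aaf.client()`, unlike the earlier `code` implementation in this file, which calls `client.read(...)`. If this Retryable runs under a retry or failover helper (the call site is outside the hunk), each attempt would presumably use the same default client rather than the one selected for that attempt. Consider `Future fp = client.read("/authz/perms/user/"+name, aaf.permsDF);`, or add a comment stating why the default client is intended. This read also omits the `?force` option added to the other lookup, which may be deliberate but is worth a one-line comment.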