Fixes/Refinements from Testing 28/90228/1
authorInstrumental <jonathan.gathman@att.com>
Thu, 20 Jun 2019 12:22:59 +0000 (07:22 -0500)
committerInstrumental <jonathan.gathman@att.com>
Thu, 20 Jun 2019 12:23:22 +0000 (07:23 -0500)
Issue-ID: AAF-857
Change-Id: I2c5a542982b77011ad4ed5c41e08e045c83e2e3f
Signed-off-by: Instrumental <jonathan.gathman@att.com>
60 files changed:
auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/PermDAO.java
auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFUserPass.java
auth/auth-cass/src/test/java/org/onap/aaf/auth/dao/aaf/test/AbsJUCass.java
auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java
auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/api/JU_API_Artifact.java
auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/api/JU_API_Cert.java
auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Help.java
auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Version.java
auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/ListUsersContact.java
auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/ListUsersInRole.java
auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Delete.java
auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/ListByUser.java
auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTrans.java
auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java
auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransImpl.java
auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransOnlyFilter.java
auth/auth-core/src/main/java/org/onap/aaf/auth/env/NullTrans.java
auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java
auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransOnlyFilter.java
auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java
auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java
auth/auth-core/src/test/java/org/onap/aaf/auth/env/test/JU_AuthzTransImpl.java
auth/auth-core/src/test/java/org/onap/aaf/auth/env/test/JU_AuthzTransOnlyFilter.java
auth/auth-core/src/test/java/org/onap/aaf/auth/env/test/JU_NullTrans.java
auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_AbsServiceStarter.java
auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java
auth/auth-gui/src/main/java/org/onap/aaf/auth/cui/CUI.java
auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java
auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/Page.java
auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeAction.java
auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CredDetail.java
auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CredHistory.java [new file with mode: 0644]
auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/Home.java
auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java
auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java
auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PendingRequestsShow.java
auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermDetail.java
auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java
auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleDetail.java
auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java
auth/auth-gui/theme/onap/aaf5.css
auth/auth-gui/theme/onap/console.js
auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/AAF_Hello.java
auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java
auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/service/LocateServiceImpl.java
auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/AAF_OAuth.java
auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java
auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzService.java
auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_History.java
auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade.java
auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java
auth/helm/aaf-hello/aaf.sh
auth/helm/aaf-hello/values.yaml
auth/sample/cass_data/config.dat
cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
cadi/aaf/src/main/java/org/onap/aaf/cadi/register/RegistrationCreator.java

index 3b77a57..0033f8a 100644 (file)
@@ -105,8 +105,13 @@ public class PermDAO extends CassDAOImpl<AuthzTrans,PermDAO.Data> {
         }
         
         public String fullPerm() {
-               StringBuilder sb = new StringBuilder(ns);
-               sb.append(ns.indexOf('@')<0?'.':':'); 
+               StringBuilder sb = new StringBuilder();
+               if(ns==null) {
+                       sb.append("null.");
+               } else {
+                       sb.append(ns);
+                       sb.append(ns.indexOf('@')<0?'.':':');
+               }
                sb.append(type);
                sb.append('|');
                sb.append(instance);
index 690ffa0..3fde512 100644 (file)
@@ -1055,8 +1055,8 @@ public class Function {
             } else if (!fullperm.roles.isEmpty()) {
                 return Result
                         .err(Status.ERR_DependencyExists,
-                                "Permission [%s.%s|%s|%s] cannot be deleted as it is attached to 1 or more roles.",
-                                fullperm.ns, fullperm.type, fullperm.instance, fullperm.action);
+                                "Permission [%s] cannot be deleted as it is attached to 1 or more roles.",
+                                fullperm.fullPerm());
             }
         }
 
index 7160ede..d40c2ea 100644 (file)
@@ -616,7 +616,7 @@ public class Question {
 
     public Result<NsDAO.Data> mayUser(AuthzTrans trans, String user,PermDAO.Data pdd, Access access) {
        if(pdd.ns.indexOf('@')>-1) {
-               if(user.equals(pdd.ns)) {
+               if(user.equals(pdd.ns) || isGranted(trans,user,Define.ROOT_NS(),"access",pdd.instance,READ)) {
                        NsDAO.Data ndd = new NsDAO.Data();
                        ndd.name = user;
                        ndd.type = NsDAO.USER;
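Review bot: The new `isGranted(trans,user,Define.ROOT_NS(),"access",pdd.instance,READ)` branch never consults the `access` argument of `mayUser`. As far as this hunk shows, anyone holding read on the root-namespace `access` permission for that instance is treated like the owning user for whatever access was requested. If only read delegation is intended, compare `access` with the read value before calling `isGranted`; otherwise check the action that matches the requested access. Either way the override deserves a comment such as `// root-ns "access|<instance>|read" holders may act on user perms; see AAF-857`. The rest of `mayUser` lies outside the hunk, so a later check may already narrow this.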
index 62e1592..3c7d873 100644 (file)
@@ -65,7 +65,7 @@ public class DirectAAFUserPass implements CredVal {
                     } else {
                         trans = env.newTransNoAvg();
                         if (state instanceof HttpServletRequest) {
-                            trans.set((HttpServletRequest)state);
+                            trans.set((HttpServletRequest)state,null);
                             transfer=true;
                         }
                     }
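Review bot: `trans.set((HttpServletRequest)state,null)` leaves this transaction without a response object, so `hresp()` returns null for it. `AuthzTransImpl.set` stores the value unchecked, and `CUI` in this same commit calls `trans.hresp().addCookie(cookie)` without a null test. Whether a transaction built here can reach that code is not visible from the hunk. The contract should be written down, for example on the interface method: `/** @param resp may be null when no response is available; hresp() then returns null */`. A short comment at this call site explaining why no response is available would also help. The enclosing method starts and ends outside the hunk.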
index dea2ccd..bb0fcd4 100644 (file)
@@ -104,9 +104,6 @@ public class AbsJUCass {
         
         // Load special data here
         
-        // WebPhone
-        env.setProperty("java.naming.provider.url","ldap://ldap.webphone.att.com:389");
-        env.setProperty("com.sun.jndi.ldap.connect.pool","true");
         
         iterations = 0;
         
index 3727e34..7dea9f0 100644 (file)
@@ -244,11 +244,10 @@ public class AAF_CM extends AbsService<AuthzEnv, AuthzTrans> {
         try {
             Log4JLogIt logIt = new Log4JLogIt(args, "cm");
             PropAccess propAccess = new PropAccess(logIt,args);
-
             try {
-                   AAF_CM service = new AAF_CM(new AuthzEnv(propAccess));
-                   JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service);
-                   jss.start();
+                   new JettyServiceStarter<AuthzEnv,AuthzTrans>(
+                       new AAF_CM(new AuthzEnv(propAccess)),true)
+                               .start();
                } catch (Exception e) {
                    propAccess.log(e);
                }
index 18f062d..1f2ee64 100644 (file)
@@ -193,7 +193,8 @@ public class CMService {
                 } else if (primary == null) {
                     return Result.err(Result.ERR_Denied, "Request not made from matching IP (%s)", trans.ip());
                 } else {
-                    host = primary.getHostAddress();
+                    String thost = primary.getHostName();
+                    host = thost==null?primary.getHostAddress():thost;
                 }
 
                 ArtiDAO.Data add = null;
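Review bot: The `thost==null` fallback looks unreachable. Assuming `primary` is a `java.net.InetAddress`, `getHostName()` never returns null and hands back the textual IP when no name can be resolved. The call may also perform a reverse lookup, so `host` now depends on resolver data and can block on DNS, where the old `getHostAddress()` was purely local. How `host` is used lies outside the hunk. If it feeds the artifact or certificate match, add a comment such as `// host comes from DNS when available; falls back to the literal IP on lookup failure`, and drop the null test or replace it with a comparison against `primary.getHostAddress()`.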
index ab10e66..4ef85aa 100644 (file)
@@ -59,8 +59,9 @@ public class JU_API_Artifact {
     public static void setUp() {
         AuthzTrans trans = mock(AuthzTrans.class);
         req = mock(HttpServletRequest.class);
+        res = mock(HttpServletResponse.class);
         trans.setProperty("testTag", "UserValue");
-        trans.set(req);
+        trans.set(req,res);
     }
     
     @Rule
index 4963297..674e4ed 100644 (file)
@@ -59,8 +59,9 @@ public class JU_API_Cert {
     public static void setUp() {
         AuthzTrans trans = mock(AuthzTrans.class);
         req = mock(HttpServletRequest.class);
+        res = mock(HttpServletResponse.class);
         trans.setProperty("testTag", "UserValue");
-        trans.set(req);
+        trans.set(req,res);
     }
     
     @Rule
index 12cf063..49ffb51 100644 (file)
@@ -31,7 +31,7 @@ public class Help extends Cmd {
     private List<Cmd> cmds;
 
     public Help(AAFcli aafcli, List<Cmd> cmds) {
-        super(aafcli, "--help", 
+        super(aafcli, "help", 
             new Param("-d (more details)", false),
             new Param("command",false));
         this.cmds = cmds;
index 1b1b183..d4a82d5 100644 (file)
@@ -27,17 +27,18 @@ import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.misc.env.APIException;
 
 public class Version extends Cmd {
+    private final String version;
 
-
-    public Version(AAFcli aafcli) {
-        super(aafcli, "--version");
+       public Version(AAFcli aafcli) {
+        super(aafcli, "version");
+        version = aafcli.access.getProperty(Config.AAF_DEPLOYED_VERSION, Config.AAF_DEFAULT_API_VERSION);
     }
 
     @Override
     protected int _exec(int idx, String... args) throws CadiException, APIException, LocatorException {
         pw().println("AAF Command Line Tool");
         pw().print("Version: ");
-        pw().println(Config.AAF_DEFAULT_API_VERSION);
+        pw().println(version);
         return 200;
     }
 }
index eadf1c9..d6eb9b3 100644 (file)
@@ -117,7 +117,7 @@ public class ListUsersContact extends Cmd {
         indent+=4;
         detailLine(sb,indent,"Report Users associated with this Namespace's Roles");
         sb.append('\n');
-        detailLine(sb,indent,"If \"set details=true\" is specified, then all roles are printed ");
+        detailLine(sb,indent,"If \"details\" is specified, then all roles are printed ");
         detailLine(sb,indent,"with the associated users and expiration dates");
         indent-=4;
         api(sb,indent,HttpMethods.GET,"authz/nss/<ns>",Nss.class,true);
index c0838cb..b33f506 100644 (file)
@@ -117,7 +117,7 @@ public class ListUsersInRole extends Cmd {
         indent+=4;
         detailLine(sb,indent,"Report Users associated with this Namespace's Roles");
         sb.append('\n');
-        detailLine(sb,indent,"If \"set details=true\" is specified, then all roles are printed ");
+        detailLine(sb,indent,"If \"details\" is specified, then all roles are printed ");
         detailLine(sb,indent,"with the associated users and expiration dates");
         indent-=4;
         api(sb,indent,HttpMethods.GET,"authz/nss/<ns>",Nss.class,true);
index 0f0c001..3edc0e5 100644 (file)
@@ -59,8 +59,12 @@ public class Delete extends Cmd {
                 pk.setInstance(args[idx++]);
                 pk.setAction(args[idx++]);
         
-                // Set "Force" if set
-                setQueryParamsOn(client);
+                if(pk.getType().contains("@")) { // User Perm deletion... Must remove from hidden role
+                       client.setQueryParams("force");
+                } else {
+                       // Set "Force" if set
+                       setQueryParamsOn(client);
+                }
                 Future<PermRequest> fp = client.delete(
                         "/authz/perm", 
                         getDF(PermRequest.class),
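Review bot: For any type containing `@`, `client.setQueryParams("force")` is sent without the operator asking for it, and `setQueryParamsOn(client)` is skipped, so any other query parameters that call would have set are dropped. The non-forced path in `Function` (same commit) refuses deletion with `ERR_DependencyExists` when the permission is attached to roles, so the CLI now bypasses that guard for every user permission. If the hidden per-user role means the guard can never pass, it would be safer for the service to make that exception itself than for each client to send `force`. At minimum, extend the comment to say so: `// user perms always sit in the hidden user role, so the dependency check cannot pass; force is required`. The test here is `getType().contains("@")`, while `PermDAO.fullPerm` and `Question.mayUser` test `ns` for `@`; confirm both identify the same set of permissions.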
index 325f45d..00972a1 100644 (file)
@@ -57,9 +57,9 @@ public class ListByUser extends Cmd {
                 }
                 if (aafcli.isDetailed()) {
                     if (sb==null) {
-                        sb = new StringBuilder('?');
+                        sb = new StringBuilder("?");
                     } else {
-                        sb.append('&');
+                        sb.append("&");
                     }
                     sb.append("ns");
                 }
index 920f330..1a1e7f2 100644 (file)
@@ -24,6 +24,7 @@ package org.onap.aaf.auth.env;
 import java.util.Date;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.onap.aaf.auth.org.Organization;
 import org.onap.aaf.cadi.Lur;
@@ -41,9 +42,11 @@ public interface AuthzTrans extends TransStore {
         }
     }
 
-    public abstract AuthzTrans set(HttpServletRequest req);
+    public abstract AuthzTrans set(HttpServletRequest req, HttpServletResponse resp);
 
        public abstract HttpServletRequest hreq();
+       
+    public abstract HttpServletResponse hresp();
 
     public abstract String user();
 
@@ -81,4 +84,7 @@ public interface AuthzTrans extends TransStore {
     
     public abstract String getTag();
 
+       public abstract void clearCache();
+
+
 }
\ No newline at end of file
index ec5e70d..bda23e1 100644 (file)
@@ -23,8 +23,8 @@ package org.onap.aaf.auth.env;
 
 import java.security.Principal;
 
-import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.onap.aaf.auth.rserv.TransFilter;
 import org.onap.aaf.cadi.CadiException;
@@ -63,16 +63,15 @@ public class AuthzTransFilter extends TransFilter<AuthzTrans> {
     }
     
     @Override
-    protected AuthzTrans newTrans(HttpServletRequest req) {
+    protected AuthzTrans newTrans(HttpServletRequest req, HttpServletResponse resp) {
         AuthzTrans at = env.newTrans();
         at.setLur(getLur());
-        at.set(req);
+        at.set(req,resp);
         return at;
     }
 
     @Override
-    protected TimeTaken start(AuthzTrans trans, ServletRequest request) {
-        trans.set((HttpServletRequest)request);
+    protected TimeTaken start(AuthzTrans trans) {
         return trans.start("Trans " + //(context==null?"n/a":context.toString()) +
         " IP: " + trans.ip() +
         " Port: " + trans.port()
index a7bb24a..0af760b 100644 (file)
@@ -24,6 +24,7 @@ package org.onap.aaf.auth.env;
 import java.util.Date;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.onap.aaf.auth.org.Organization;
 import org.onap.aaf.auth.org.OrganizationFactory;
@@ -37,6 +38,7 @@ public class AuthzTransImpl extends BasicTrans implements AuthzTrans {
        private static final String N_A = "n/a";
        private static final String BLANK = "";
        private HttpServletRequest hreq;
+       private HttpServletResponse hresp;
     private TaggedPrincipal user;
     private Lur lur;
     private Organization org;
@@ -54,8 +56,9 @@ public class AuthzTransImpl extends BasicTrans implements AuthzTrans {
      * @see org.onap.aaf.auth.env.test.AuthTrans#set(javax.servlet.http.HttpServletRequest)
      */
     @Override
-    public AuthzTrans set(HttpServletRequest req) {
+    public AuthzTrans set(HttpServletRequest req, HttpServletResponse resp) {
        hreq = req;
+       hresp = resp;
         user = (TaggedPrincipal)req.getUserPrincipal();
         
         for (REQD_TYPE rt : REQD_TYPE.values()) {
@@ -70,11 +73,17 @@ public class AuthzTransImpl extends BasicTrans implements AuthzTrans {
         org=null;
         return this;
     }
+    
     @Override
     public HttpServletRequest hreq() {
        return hreq;
     }
-    
+
+    @Override
+    public HttpServletResponse hresp() {
+       return hresp;
+    }
+
     @Override
     public void setUser(TaggedPrincipal p) {
         user = p;
@@ -174,7 +183,7 @@ public class AuthzTransImpl extends BasicTrans implements AuthzTrans {
         }
         return false;
     }
-
+    
     /* (non-Javadoc)
      * @see org.onap.aaf.auth.env.test.AuthzTrans#org()
      */
@@ -229,4 +238,13 @@ public class AuthzTransImpl extends BasicTrans implements AuthzTrans {
     public String getTag() {
        return tag;
     }
+
+       @Override
+       public void clearCache() {
+        if (lur!=null) {
+               StringBuilder report = new StringBuilder();
+            lur.clear(user, report);
+            info().log(report);
+        }
+       }
 }
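Review bot: `clearCache()` guards `lur` but passes `user` to `lur.clear(user, report)` unchecked. `set` assigns `user` from `req.getUserPrincipal()`, which is null on an unauthenticated request. Whether `lur.clear` tolerates a null principal is not visible here, so the guard is safer as `if (lur!=null && user!=null) {`. The report is logged at info level; confirm it holds nothing beyond the user id and cache keys. Separately, the `@see ...#set(javax.servlet.http.HttpServletRequest)` comment above `set` still names the one-argument signature and should be updated to the new two-argument form.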
index b111163..5545c7d 100644 (file)
@@ -21,8 +21,8 @@
 
 package org.onap.aaf.auth.env;
 
-import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.onap.aaf.auth.rserv.TransOnlyFilter;
 import org.onap.aaf.cadi.principal.TaggedPrincipal;
@@ -43,13 +43,14 @@ public class AuthzTransOnlyFilter extends TransOnlyFilter<AuthzTrans> {
     }
     
     @Override
-    protected AuthzTrans newTrans() {
-        return env.newTrans();
+    protected AuthzTrans newTrans(HttpServletRequest req, HttpServletResponse resp) {
+        AuthzTrans trans = env.newTrans();
+        trans.set(req, resp);
+        return trans;
     }
 
     @Override
-    protected TimeTaken start(AuthzTrans trans, ServletRequest request) {
-        trans.set((HttpServletRequest)request);
+    protected TimeTaken start(AuthzTrans trans) {
         return trans.start("Trans " + //(context==null?"n/a":context.toString()) +
         " IP: " + trans.ip() +
         " Port: " + trans.port()
index 54a8f48..f0052e5 100644 (file)
@@ -24,6 +24,7 @@ package org.onap.aaf.auth.env;
 import java.util.Date;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.onap.aaf.auth.org.Organization;
 import org.onap.aaf.cadi.Lur;
@@ -130,7 +131,7 @@ public class NullTrans implements AuthzTrans {
         return null;
     }
     @Override
-    public AuthzTrans set(HttpServletRequest req) {
+    public AuthzTrans set(HttpServletRequest req, HttpServletResponse resp) {
         return null;
     }
 
@@ -138,7 +139,13 @@ public class NullTrans implements AuthzTrans {
        public HttpServletRequest hreq() {
                return null;
        }
+
+    @Override
+       public HttpServletResponse hresp() {
+               return null;
+       }
     
+
        @Override
     public String user() {
         return null;
@@ -243,5 +250,8 @@ public class NullTrans implements AuthzTrans {
        public String getTag() {
                return null;
        }
+       @Override
+       public void clearCache() {
+       }
 }
 
index 92c0fc2..81e2e61 100644 (file)
@@ -86,8 +86,8 @@ public abstract class TransFilter<TRANS extends TransStore> implements Filter {
         return cadi.getLur();
     }
 
-    protected abstract TRANS newTrans(HttpServletRequest request);
-    protected abstract TimeTaken start(TRANS trans, ServletRequest request);
+    protected abstract TRANS newTrans(HttpServletRequest request,HttpServletResponse response);
+    protected abstract TimeTaken start(TRANS trans);
     protected abstract void authenticated(TRANS trans, Principal p);
     protected abstract void tallyHo(TRANS trans, String target);
     
@@ -96,9 +96,9 @@ public abstract class TransFilter<TRANS extends TransStore> implements Filter {
         HttpServletRequest req = (HttpServletRequest)request;
         HttpServletResponse res = (HttpServletResponse)response;
         
-        TRANS trans = newTrans(req);
+        TRANS trans = newTrans(req,res);
         
-        TimeTaken overall = start(trans,request);
+        TimeTaken overall = start(trans);
         String target = "n/a";
         try {
             request.setAttribute(TRANS_TAG, trans);
index c3514b6..ef91e48 100644 (file)
@@ -29,6 +29,8 @@ import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.onap.aaf.cadi.principal.TaggedPrincipal;
 import org.onap.aaf.misc.env.TimeTaken;
@@ -52,16 +54,15 @@ public abstract class TransOnlyFilter<TRANS extends TransStore> implements Filte
     
 
 
-    protected abstract TRANS newTrans();
-    protected abstract TimeTaken start(TRANS trans, ServletRequest request);
+    protected abstract TRANS newTrans(HttpServletRequest req, HttpServletResponse resp);
+    protected abstract TimeTaken start(TRANS trans);
     protected abstract void authenticated(TRANS trans, TaggedPrincipal p);
     protected abstract void tallyHo(TRANS trans);
     
     @Override
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
-        TRANS trans = newTrans();
-        
-        TimeTaken overall = start(trans,request);
+        TRANS trans = newTrans((HttpServletRequest)request,(HttpServletResponse)response);
+        TimeTaken overall = start(trans);
         try {
             request.setAttribute(TransFilter.TRANS_TAG, trans);
             chain.doFilter(request, response);
index 23240cf..f583113 100644 (file)
@@ -43,9 +43,11 @@ public abstract class AbsServiceStarter<ENV extends RosettaEnv, TRANS extends Tr
     private boolean do_register;
     protected AbsService<ENV,TRANS> service;
        protected String hostname;
+       protected final boolean secure;
 
 
-    public AbsServiceStarter(final AbsService<ENV,TRANS> service) {
+    public AbsServiceStarter(final AbsService<ENV,TRANS> service, boolean secure) {
+       this.secure = secure;
         this.service = service;
         try {
             OrganizationFactory.init(service.env);
@@ -96,12 +98,14 @@ public abstract class AbsServiceStarter<ENV extends RosettaEnv, TRANS extends Tr
        });
                if(System.getProperty("ECLIPSE", null)!=null) {
                        Thread.sleep(2000);
-               System.out.println("Service Started in Eclipse: ");
-               System.out.print("  Hit <enter> to end\n:");
-               try {
-                               System.in.read();
-                               System.exit(0);
-                       } catch (IOException e) {
+                       if(!app.isCancelled()) {
+                       System.out.println("Service Started in Eclipse: ");
+                       System.out.print("  Hit <enter> to end:\n");
+                       try {
+                                       System.in.read();
+                                       System.exit(0);
+                               } catch (IOException e) {
+                               }
                        }
                }
     }
index bcc071a..8d49720 100644 (file)
@@ -54,23 +54,11 @@ import org.onap.aaf.misc.rosetta.env.RosettaEnv;
 
 
 public class JettyServiceStarter<ENV extends RosettaEnv, TRANS extends Trans> extends AbsServiceStarter<ENV,TRANS> {
-    private boolean secure;
 
-    public JettyServiceStarter(final AbsService<ENV,TRANS> service) throws OrganizationException {
-        super(service);
-        secure = true;
+    public JettyServiceStarter(final AbsService<ENV,TRANS> service, boolean secure) throws OrganizationException {
+        super(service, secure);
     }
     
-    /**
-     * Specifically set this Service starter to Insecure (HTTP) Mode. 
-     * @return
-     */
-    public JettyServiceStarter<ENV,TRANS> insecure() {
-        secure = false;
-        return this;
-    }
-
-
     @Override
     public void _propertyAdjustment() {
 //        System.setProperty("com.sun.management.jmxremote.port", "8081");
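Review bot: The removed `insecure()` made plain-HTTP mode an explicit, searchable opt-out from a secure default; now TLS depends on a bare boolean, and `...,false)` at a call site (as in `AAF_FS`) is easy to misread or copy. Add Javadoc to the constructor, e.g. `@param secure true to serve HTTPS; false starts the service over plain HTTP and should be limited to services that carry no credentials`. A named constant or small enum at the call sites would make an accidental `false` stand out in review. The class body continues outside the hunk.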
index f4481ed..af92e37 100644 (file)
@@ -66,11 +66,12 @@ public class JU_AuthzTransImpl {
     public void setUp(){
         authzTransImpl = new AuthzTransImpl(authzEnvMock);
         req = mock(HttpServletRequest.class);
-        authzTransImpl.set(req);
+        res = mock(HttpServletResponse.class);
+        authzTransImpl.set(req,res);
         when(req.getParameter("request")).thenReturn("NotNull");
-        authzTransImpl.set(req);
+        authzTransImpl.set(req,res);
         when(req.getParameter("request")).thenReturn("");
-        authzTransImpl.set(req);    
+        authzTransImpl.set(req,res);    
     }
     
     @Test
index 091a3aa..346ca48 100644 (file)
@@ -76,10 +76,7 @@ public class JU_AuthzTransOnlyFilter {
     public void testStart() throws NoSuchMethodException, SecurityException, IllegalAccessException, IllegalArgumentException, InvocationTargetException {
         AuthzTransOnlyFilter aTF = new AuthzTransOnlyFilter(authzEnvMock);
         Class c = aTF.getClass();
-        Class[] cArg = new Class[2];
-        cArg[0] = AuthzTrans.class;
-        cArg[1] = ServletRequest.class;        //Steps to test a protected method
-        Method startMethod = c.getDeclaredMethod("start", cArg);
+        Method startMethod = c.getDeclaredMethod("start", new Class[] {AuthzTrans.class});
         startMethod.setAccessible(true);
         //startMethod.invoke(aTF, authzTransMock, servletRequestMock);
     }
index f67716f..9c7212c 100644 (file)
@@ -27,6 +27,7 @@ import static org.mockito.Mockito.mock;
 import java.security.Principal;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.junit.Assert;
 import org.junit.Before;
@@ -157,7 +158,8 @@ public class JU_NullTrans {
     @Test
     public void testSet() {
         HttpServletRequest req = mock(HttpServletRequest.class);
-        AuthzTrans set = nullTrans.set(req);
+        HttpServletResponse res = mock(HttpServletResponse.class);
+        AuthzTrans set = nullTrans.set(req,res);
         Assert.assertNull(set);
     }
     
index 9b49216..4972b57 100644 (file)
@@ -49,8 +49,8 @@ public class JU_AbsServiceStarter {
     
     private class AbsServiceStarterStub extends AbsServiceStarter {
 
-        public AbsServiceStarterStub(AbsService service) {
-            super(service);
+        public AbsServiceStarterStub(AbsService service, boolean secure) {
+            super(service,secure);
             // TODO Auto-generated constructor stub
         }
 
@@ -110,7 +110,7 @@ public class JU_AbsServiceStarter {
         prop.setLogLevel(Level.DEBUG);
         absServiceStub = new AbsServiceStub(prop, bEnv);
         
-        absServiceStarterStub = new AbsServiceStarterStub(absServiceStub);
+        absServiceStarterStub = new AbsServiceStarterStub(absServiceStub,true);
     }
     
 //    @Test
index b56fc03..6795200 100644 (file)
@@ -106,10 +106,13 @@ public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans>  {
         try {
             Log4JLogIt logIt = new Log4JLogIt(args, "fs");
             PropAccess propAccess = new PropAccess(logIt,args);
-
-             AAF_FS service = new AAF_FS(new AuthzEnv(propAccess));
-            JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service);
-            jss.insecure().start();
+            try {
+                new JettyServiceStarter<AuthzEnv,AuthzTrans>(
+                       new AAF_FS(new AuthzEnv(propAccess)),false)
+                               .start();
+               } catch (Exception e) {
+                   propAccess.log(e);
+               }
         } catch (Exception e) {
             e.printStackTrace();
         }
index 7859b7c..f2d7522 100644 (file)
 package org.onap.aaf.auth.cui;
 
 import java.io.PrintWriter;
+import java.util.regex.Pattern;
 
 import javax.servlet.ServletInputStream;
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.onap.aaf.auth.cmd.AAFcli;
 import org.onap.aaf.auth.env.AuthzTrans;
-import org.onap.aaf.auth.env.AuthzEnv;
 import org.onap.aaf.auth.gui.AAF_GUI;
+import org.onap.aaf.auth.gui.Page;
 import org.onap.aaf.auth.rserv.HttpCode;
 import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
 import org.onap.aaf.cadi.http.HTransferSS;
@@ -43,6 +45,7 @@ import org.onap.aaf.misc.env.TimeTaken;
 
 public class CUI extends HttpCode<AuthzTrans, Void> {
     private final AAF_GUI gui;
+    private final static Pattern userPerm = Pattern.compile("perm (create|delete).*@.*:id.*aaf.gui.*");
 
 
     public CUI(AAF_GUI gui) {
@@ -84,6 +87,13 @@ public class CUI extends HttpCode<AuthzTrans, Void> {
             }
             try {
                 aafcli.eval(cmdStr);
+                if(userPerm.matcher(cmdStr).matches()) {
+                       trans.clearCache();
+                       Cookie cookie = new Cookie(Page.AAF_THEME,trans.getProperty(Page.AAF_THEME));
+                       cookie.setMaxAge(-1);
+                       cookie.setComment("Remove AAF GUI Theme");
+                       trans.hresp().addCookie(cookie);
+                }
                 pw.flush();
             } catch (Exception e) {
                 pw.flush();
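Review bot: `cookie.setMaxAge(-1)` does not remove the cookie, although the comment set on it says "Remove AAF GUI Theme". In the servlet API a negative max-age creates a session cookie and only `0` tells the browser to delete it, which is what the `/gui/clear` handler in this commit uses. If removal is intended, use `cookie.setMaxAge(0);` and set the same path the theme cookie was issued with, otherwise the browser will not match it. The value comes from `trans.getProperty(Page.AAF_THEME)`, which may be null when no theme is set, so guard that before constructing the `Cookie`. Both this step and the cache clear also rely on the `userPerm` pattern, whose dots in `aaf.gui` are unescaped and match any character; `aaf\\.gui` would state the intent.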
index c33f3d6..17916c2 100644 (file)
@@ -26,6 +26,9 @@ import static org.onap.aaf.auth.rserv.HttpMethods.POST;
 import static org.onap.aaf.auth.rserv.HttpMethods.PUT;
 
 import javax.servlet.Filter;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.onap.aaf.auth.cmd.Cmd;
 import org.onap.aaf.auth.cui.CUI;
@@ -40,6 +43,7 @@ import org.onap.aaf.auth.gui.pages.CMArtiChangeAction;
 import org.onap.aaf.auth.gui.pages.CMArtiChangeForm;
 import org.onap.aaf.auth.gui.pages.CMArtifactShow;
 import org.onap.aaf.auth.gui.pages.CredDetail;
+import org.onap.aaf.auth.gui.pages.CredHistory;
 import org.onap.aaf.auth.gui.pages.Home;
 import org.onap.aaf.auth.gui.pages.LoginLanding;
 import org.onap.aaf.auth.gui.pages.LoginLandingAction;
@@ -66,6 +70,7 @@ import org.onap.aaf.auth.gui.pages.UserRoleExtend;
 import org.onap.aaf.auth.gui.pages.UserRoleRemove;
 import org.onap.aaf.auth.gui.pages.WebCommand;
 import org.onap.aaf.auth.rserv.CachingFileAccess;
+import org.onap.aaf.auth.rserv.HttpCode;
 import org.onap.aaf.auth.server.AbsService;
 import org.onap.aaf.auth.server.JettyServiceStarter;
 import org.onap.aaf.auth.server.Log4JLogIt;
@@ -114,19 +119,19 @@ public class AAF_GUI extends AbsService<AuthzEnv, AuthzTrans> implements State<E
     protected final String deployedVersion;
     private StaticSlot sThemeWebPath;
     private StaticSlot sDefaultTheme;
-//  public final String theme;
 
 
     public AAF_GUI(final AuthzEnv env) throws Exception {
         super(env.access(), env);
         sDefaultTheme = env.staticSlot(AAF_GUI_THEME);
-        env.put(sDefaultTheme, env.getProperty(AAF_GUI_THEME,"onap"));
+        String defTheme = env.getProperty(AAF_GUI_THEME,"onap");
+        env.put(sDefaultTheme, defTheme);
         
         sThemeWebPath = env.staticSlot(CachingFileAccess.CFA_WEB_PATH);
         if(env.get(sThemeWebPath)==null) {
                env.put(sThemeWebPath,"theme");
         }
-
+        
         slot_httpServletRequest = env.slot(HTTP_SERVLET_REQUEST);
         deployedVersion = app_version;
 
@@ -157,8 +162,9 @@ public class AAF_GUI extends AbsService<AuthzEnv, AuthzTrans> implements State<E
         // MyNameSpace
         final Page myNamespaces = new Display(this, GET, new NssShow(this, start)).page();
         Page nsDetail  = new Display(this, GET, new NsDetail(this, start, myNamespaces)).page();
-                              new Display(this, GET, new NsHistory(this, start,myNamespaces,nsDetail));
+                         new Display(this, GET, new NsHistory(this, start,myNamespaces,nsDetail));
         Page crdDetail = new Display(this, GET, new CredDetail(this, start, myNamespaces, nsDetail)).page();
+                         new Display(this, GET, new CredHistory(this,start,myNamespaces,nsDetail,crdDetail));
         Page artiShow  = new Display(this, GET, new CMArtifactShow(this, start, myNamespaces, nsDetail, crdDetail)).page();
         Page artiCForm = new Display(this, GET, new CMArtiChangeForm(this, start, myNamespaces, nsDetail, crdDetail,artiShow)).page();
                          new Display(this, POST, new CMArtiChangeAction(this, start,artiShow,artiCForm));
@@ -204,6 +210,23 @@ public class AAF_GUI extends AbsService<AuthzEnv, AuthzTrans> implements State<E
         // Command line Mechanism
         route(env, PUT, "/gui/cui", new CUI(this),"text/plain;charset=utf-8","*/*");
         
+        route(env, GET, "/gui/clear", new HttpCode<AuthzTrans, Void>(null, "Clear"){
+                       @Override
+                       public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+                               trans.clearCache();
+                               Cookie cookies[] = req.getCookies();
+                               if(cookies!=null) {
+                               for(Cookie c : cookies) {
+                                       if(c.getName().startsWith("aaf.gui.")) {
+                                               c.setMaxAge(0);
+                                               resp.addCookie(c);
+                                       }
+                               }
+                               }
+                               resp.sendRedirect("/gui/home");
+                       }
+        }, "text/plain;charset=utf-8","*/*");
+        
         ///////////////////////  
         // WebContent Handler
         ///////////////////////
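Review bot: The `/gui/clear` handler changes state (`trans.clearCache()` plus cookie expiry) on a plain GET, so a cross-site link or image request can trigger it for a signed-in user. The effect is limited to preferences and cached data, but a POST route or a same-origin check would keep it an intentional action. Each request cookie is sent back with only `setMaxAge(0)` changed, and cookies parsed from a request carry no Path, so the browser drops the stored one only if its path equals the default for this response. Adding `c.setValue("");` and `c.setPath("/gui");` before `resp.addCookie(c);` makes the deletion deterministic, provided the cookie is created with that same path. The loop under `if(cookies!=null) {` is not indented, and the enclosing constructor begins and ends outside the hunk.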
@@ -262,9 +285,13 @@ public class AAF_GUI extends AbsService<AuthzEnv, AuthzTrans> implements State<E
             Log4JLogIt logIt = new Log4JLogIt(args, "gui");
             PropAccess propAccess = new PropAccess(logIt,args);
 
-            AAF_GUI service = new AAF_GUI(new AuthzEnv(propAccess));
-            JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service);
-            jss.start();
+            try {
+                new JettyServiceStarter<AuthzEnv,AuthzTrans>(
+                       new AAF_GUI(new AuthzEnv(propAccess)),true)
+                               .start();
+               } catch (Exception e) {
+                   propAccess.log(e);
+               }
         } catch (Exception e) {
             e.printStackTrace();
         }
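Review bot: The inner `catch` logs a failed service start with `propAccess.log(e)` and then falls through, so as far as the hunk shows `main` returns normally and a supervisor or container sees no failure. If nothing after the hunk sets an exit status, add `System.exit(1);` after `propAccess.log(e);`. The added lines mix tab and space indentation, which is why the `catch` looks mis-aligned with its `try`. The body of `main` begins outside the hunk.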
index 5b6eb01..18ec9f6 100644 (file)
@@ -46,7 +46,6 @@ import org.onap.aaf.auth.env.AuthzTrans;
 import org.onap.aaf.auth.gui.pages.Home;
 import org.onap.aaf.cadi.Permission;
 import org.onap.aaf.cadi.aaf.AAFPermission;
-import org.onap.aaf.cadi.client.Holder;
 import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.principal.TaggedPrincipal;
 import org.onap.aaf.misc.env.APIException;
@@ -70,6 +69,7 @@ import org.onap.aaf.misc.xgen.html.Imports;
  *
  */
 public class Page extends HTMLCacheGen {
+    public static final String AAF_THEME = "aaf_theme";
     public static final String AAFURL_TOOLS = "aaf_url.tools";
     public static final String AAF_URL_TOOL_DOT = "aaf_url.tool.";
     public static final String AAF_URL_CUIGUI = "aaf_url.cuigui"; // link to help
@@ -151,7 +151,8 @@ public class Page extends HTMLCacheGen {
     
     
     private static class PageCode implements Code<HTMLGen> {
-            private static final String AAF_GUI_TITLE = "aaf_gui_title";
+                       private static final String AAF_GUI_THEME = "aaf.gui.theme";
+                       private static final String AAF_GUI_TITLE = "aaf_gui_title";
             
             private final ContentCode[] content;
             private final Slot browserSlot;
@@ -167,6 +168,7 @@ public class Page extends HTMLCacheGen {
                 browserSlot = env.slot(BROWSER_TYPE);
                 sTheme = env.staticSlot(AAF_GUI.AAF_GUI_THEME);
                 this.env = env;
+                       getThemeFiles(env,""); //
             }
 
             private static synchronized List<String> getThemeFiles(Env env, String theme) {
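Review bot: The added call `getThemeFiles(env,"");` ends in an empty `//` and discards its result, so a reader cannot tell why the constructor looks up the empty theme name. If the intent is to populate the static theme maps before the first request (the cookie check later in this commit reads `themes` directly), say so, for example `// prime the static theme maps; the result is intentionally unused`. The constructor begins outside the hunk.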
@@ -185,11 +187,11 @@ public class Page extends HTMLCacheGen {
                                                                        themeProps = new TreeMap<>();
                                                                        props = null;
                                                                } else {
-                                                                       props = themeProps.get(theme);
+                                                                       props = themeProps.get(t.getName());
                                                                }
                                                                if(props==null) {
                                                                        props = new Properties();
-                                                                       themeProps.put(theme, props);
+                                                                       themeProps.put(t.getName(), props);
                                                                }
                                                                
                                                                try {
@@ -215,13 +217,10 @@ public class Page extends HTMLCacheGen {
                return themes.get(theme);
             }
             
-            protected Imports getImports(Env env, Holder<String> theme, String defaultTheme, int backdots, BROWSER browser) {
-               List<String> ls = getThemeFiles(env,theme.get());
+            protected Imports getImports(Env env, String theme, int backdots, BROWSER browser) {
+               List<String> ls = getThemeFiles(env,theme);
                Imports imp = new Imports(backdots);
-               if(ls==null) {
-                       theme.set(defaultTheme);
-               }
-                       String prefix = "theme/" + theme.get() + '/';
+                       String prefix = "theme/" + theme + '/';
                        for(String f : ls) {
                        if(f.endsWith(".js")) {
                                imp.js(prefix + f);
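Review bot: `getImports` iterates `ls` without a null check, while the method ending on the first context line (apparently `getThemeFiles`) returns `themes.get(theme)`, which is null for any name not in the map. The caller added in this commit falls back to `defaultTheme` without confirming that the default itself was found, so a mistyped theme property or a missing theme directory would presumably surface as a NullPointerException on every page render. A guard such as `if(ls==null) { return imp; }` placed after `Imports imp = new Imports(backdots);` keeps the page rendering without theme files. The loop body continues outside the hunk.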
@@ -262,7 +261,6 @@ public class Page extends HTMLCacheGen {
                 hgen.html();
                 final String title = env.getProperty(AAF_GUI_TITLE,"Authentication/Authorization Framework");
                 final String defaultTheme = env.get(sTheme,"onap"); 
-                final Holder<String> hTheme = new Holder<>(defaultTheme);
               
                 Mark head = hgen.head();
                     hgen.leaf(TITLE).text(title).end();
@@ -270,15 +268,37 @@ public class Page extends HTMLCacheGen {
                         @Override
                         public void code(AAF_GUI state, AuthzTrans trans, final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
                                BROWSER browser = browser(trans,browserSlot);  
+                               String theme = null;
                                Cookie[] cookies = trans.hreq().getCookies();
                                if(cookies!=null) {
                                        for(Cookie c : cookies) {
-                                               if("aaf_theme".equals(c.getName())) {
-                                                       hTheme.set(c.getValue());
+                                               if(AAF_GUI_THEME.equals(c.getName())) {
+                                                       theme=c.getValue();
+                                                       if(!(themes.containsKey(theme))) {
+                                                               theme = defaultTheme;
+                                                       }
+                                                       break;
                                                }
                                        }
                                }
-                            hgen.imports(getImports(env,hTheme,defaultTheme,backdots,browser));
+                               
+                               if(theme==null) {
+                                       for(String t : themes.keySet()) {
+                                               if(!t.equals(defaultTheme) && trans.fish(new AAFPermission(null,trans.user()+":id", AAF_GUI_THEME, t))) {
+                                                       theme=t;
+                                                       break;
+                                               }
+                                       }
+                                       if(theme==null) {
+                                               theme = defaultTheme;
+                                       }
+                                       Cookie cookie = new Cookie(AAF_GUI_THEME,theme);
+                                       cookie.setMaxAge(604_800); // one week
+                                       trans.hresp().addCookie(cookie);
+                               }
+                               trans.setProperty(Page.AAF_THEME, theme);
+
+                            hgen.imports(getImports(env,theme,backdots,browser));
                             switch(browser) {
                                 case ie:
                                 case ieOld:
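Review bot: The theme cookie is created with only a name, a value and `setMaxAge`, so it carries no explicit Path, HttpOnly or Secure attribute. Without a path the browser scopes it to the directory of whichever page set it first, which makes the `/gui/clear` expiry in this commit depend on matching defaults. Adding `cookie.setPath("/gui");` and `cookie.setHttpOnly(true);` before `trans.hresp().addCookie(cookie);` pins the scope and keeps page script from reading it, with `cookie.setSecure(true);` as well if the GUI is only served over TLS. Checking the cookie value with `themes.containsKey(theme)` before it reaches the `"theme/" + theme + '/'` prefix is the right allow-list check and deserves a one-line comment so it is not removed later. `themes.keySet()` is iterated here without the lock that `getThemeFiles` holds, which is only safe if the map is never modified after start-up.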
@@ -350,7 +370,8 @@ public class Page extends HTMLCacheGen {
                     }
                     
                     hgen.end(header);
-                    
+
+                    hgen.divID("pageContent");
                     Mark inner = hgen.divID("inner");
                         // Content
                         for (int i=cIdx;i<content.length;++i) {
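Review bot: `hgen.divID("pageContent");` discards the Mark it returns, while the next line keeps `Mark inner = hgen.divID("inner");` and the following hunk closes it with `hgen.end(inner)`. Nothing in the visible hunks ends the new div explicitly, so whether it is closed depends on code outside the view. Keeping the mark, `Mark pageContent = hgen.divID("pageContent");`, and calling `hgen.end(pageContent);` where the content area finishes would make the nesting explicit. The surrounding method starts and ends outside the hunk.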
@@ -361,39 +382,65 @@ public class Page extends HTMLCacheGen {
                         }
 
                     hgen.end(inner);    
+
                     
+                    cache.dynamic(hgen, new DynamicCode<HTMLGen,AAF_GUI,AuthzTrans>() {
+                        @Override
+                        public void code(AAF_GUI state, AuthzTrans trans,Cache<HTMLGen> cache, HTMLGen xgen) throws APIException, IOException {
+                               String theme = trans.getProperty(Page.AAF_THEME);
+                               Properties props;
+                               if(theme==null) {
+                                       props = null;
+                               } else {
+                                       props = themeProps==null?null:themeProps.get(theme);
+                               }
+                               
+                               if(props!=null && "TRUE".equalsIgnoreCase(props.getProperty("enable_nav_btn"))) {
+                                               xgen.leaf("button", "id=navBtn").end();
+                               }
+                        }
+                    });
+                    // Adding "nav Hamburger button"
                     // Navigation - Using older Nav to work with decrepit   IE versions
-                    
                     Mark nav = hgen.divID("nav");
                     cache.dynamic(hgen, new DynamicCode<HTMLGen,AAF_GUI,AuthzTrans>() {
                         @Override
                         public void code(AAF_GUI state, AuthzTrans trans,Cache<HTMLGen> cache, HTMLGen xgen) throws APIException, IOException {
-                               Properties props = themeProps==null?null:themeProps.get(hTheme.get());
-                               if(props!=null && "TRUE".equalsIgnoreCase(props.getProperty("main_menu_in_nav"))) {
-                                xgen.incr("h2").text("Navigation").end();
-                                Mark mark = new Mark();
-                               boolean selected = isSelected(trans.path(),Home.HREF);
-                                               //trans.path().endsWith("home");
-                                xgen.incr(mark,HTMLGen.UL)
-                                       .incr(HTMLGen.LI,selected?"class=selected":"")
-                                       .incr(HTMLGen.A, "href=home")
-                                       .text("Home")
-                                       .end(2);
-                                boolean noSelection = !selected;
-                                for(String[] mi : Home.MENU_ITEMS) {
-                                       //selected = trans.path().endsWith(mi[0]);
-                                       if(noSelection) {
-                                               selected = isSelected(trans.path(),mi[2]);
-                                               noSelection = !selected;
-                                       } else {
-                                               selected = false;
-                                       }
-                                       xgen.incr(HTMLGen.LI,selected?"class=selected":"")
-                                           .incr(HTMLGen.A, "href="+mi[0])
-                                           .text(mi[1])
-                                           .end(2);
-                                }
-                                xgen.end(mark);
+                               String theme = trans.getProperty(Page.AAF_THEME);
+                               Properties props;
+                               if(theme==null) {
+                                       props = null;
+                               } else {
+                                       props = themeProps==null?null:themeProps.get(theme);
+                               }
+                               
+                               if(props!=null) {
+                                       if("TRUE".equalsIgnoreCase(props.getProperty("main_menu_in_nav"))) {
+                                       xgen.incr("h2").text("Navigation").end();
+                                       Mark mark = new Mark();
+                                       boolean selected = isSelected(trans.path(),Home.HREF);
+                                                       //trans.path().endsWith("home");
+                                       xgen.incr(mark,HTMLGen.UL)
+                                               .incr(HTMLGen.LI,selected?"class=selected":"")
+                                               .incr(HTMLGen.A, "href=home")
+                                               .text("Home")
+                                               .end(2);
+                                       boolean noSelection = !selected;
+                                       for(String[] mi : Home.MENU_ITEMS) {
+                                               //selected = trans.path().endsWith(mi[0]);
+                                               if(noSelection) {
+                                                       selected = isSelected(trans.path(),mi[2]);
+                                                       noSelection = !selected;
+                                               } else {
+                                                       selected = false;
+                                               }
+                                               xgen.incr(HTMLGen.LI,selected?"class=selected":"")
+                                                   .incr(HTMLGen.A, "href="+mi[0])
+                                                   .text(mi[1])
+                                                   .end(2);
+                                       }
+                                       xgen.end(mark);
+                                       }
                                }
                         }
 
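Review bot: The two `DynamicCode` blocks in this hunk repeat the same lookup from `trans.getProperty(Page.AAF_THEME)` to `themeProps.get(theme)`; a private static helper returning the theme's `Properties` or null would keep the null handling in one place. The comment `// Adding "nav Hamburger button"` sits after the block that emits `navBtn` rather than before it. The `if(props!=null)` wrapper around the `main_menu_in_nav` test could be a single condition, as in the button block. `themeProps` is read here without the lock taken by the synchronized `getThemeFiles`, which deserves a comment if the map is meant to be read-only after start-up. The second block's closing lines fall outside the hunk.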
index d32c7dc..1e06b10 100644 (file)
@@ -82,32 +82,36 @@ trans.info().log("Step 1");
                                     arti.getSans().add(s);
                                 }
                             }
-                            // Disallow IP entries, except by special Permission
-                            if (!trans.fish(getPerm(ca,"ip"))) {
-                                boolean ok=true;
-                                if (IPValidator.ip(machine)) {
-                                    ok=false;
-                                }
-                                if (ok) {
-                                    for (String s: arti.getSans()) {
-                                        if (IPValidator.ip(s)) {
-                                            ok=false;
-                                            break;
-                                        }
-                                    }
-                                }
-                                if (!ok) {
-                                    hgen.p("Policy Failure: IPs in certificates are only allowed by Exception.");
-                                    return;
-                                }
-                            }
                             
-                            // Disallow Domain based Definitions without exception
-                            if (machine.startsWith("*")) { // Domain set
-                                if (!trans.fish(getPerm(ca, "domain"))) {
-                                    hgen.p("Policy Failure: Domain Artifact Declarations are only allowed by Exception.");
-                                    return;
-                                }
+                            // These checks to not apply to deletions
+                            if(!CMArtiChangeForm.DELETE.equals(trans.get(sCmd, ""))) {
+                                   // Disallow IP entries, except by special Permission
+                                   if (!trans.fish(getPerm(ca,"ip"))) {
+                                       boolean ok=true;
+                                       if (IPValidator.ip(machine)) {
+                                           ok=false;
+                                       }
+                                       if (ok) {
+                                           for (String s: arti.getSans()) {
+                                               if (IPValidator.ip(s)) {
+                                                   ok=false;
+                                                   break;
+                                               }
+                                           }
+                                       }
+                                       if (!ok) {
+                                           hgen.p("Policy Failure: IPs in certificates are only allowed by Exception.");
+                                           return;
+                                       }
+                                   }
+                                   
+                                   // Disallow Domain based Definitions without exception
+                                   if (machine.startsWith("*")) { // Domain set
+                                       if (!trans.fish(getPerm(ca, "domain"))) {
+                                           hgen.p("Policy Failure: Domain Artifact Declarations are only allowed by Exception.");
+                                           return;
+                                       }
+                                   }
                             }
                             
                             arti.setMechid((String)trans.get(sID,null));
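Review bot: The IP and wildcard-domain policy checks are now skipped whenever `trans.get(sCmd, "")` equals `CMArtiChangeForm.DELETE`, and that value comes from the request. The code that performs the create, update or delete is outside the hunk, so confirm that it dispatches on exactly the same value; otherwise a request could skip the policy checks here and still be handled as a non-delete operation. Reading the command once, `final String cmd = trans.get(sCmd, "");`, and using `cmd` for both the guard and the dispatch removes that doubt. The new comment has a typo and should read `// These checks do not apply to deletions`.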
index 00e58c8..70d8693 100644 (file)
@@ -214,6 +214,7 @@ public class CredDetail extends Page {
                                 StringWriter buttons = new StringWriter();
                                 HTMLGen hgen = cd.clone(buttons);
                                 hgen.leaf("button","onclick=divVisibility('"+key+"');","class=button").text("Expand").end();
+                                hgen.leaf(HTMLGen.A,"class=button","class=greenbutton","href="+CredHistory.HREF+"?user="+ulm.getKey()).text("History").end();
                                 
                                 StringWriter creds = new StringWriter();
                                 hgen = cd.clone(creds);
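Review bot: The new History link passes two class attributes, `"class=button","class=greenbutton"`. If both are emitted the anchor carries a duplicate attribute and browsers keep only the first, so one of them should be dropped. `ulm.getKey()` is also concatenated into the `href` without URL encoding, so an identity containing `&`, `#` or a space would produce a different query than intended. `URLEncoder.encode(ulm.getKey(), "UTF-8")` is the usual fix, if `java.net.URLEncoder` is available to this file. The enclosing method starts and ends outside the hunk.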
@@ -302,8 +303,9 @@ public class CredDetail extends Page {
                                                             Chrono.niceDateStamp(oldest),
                                                             Chrono.niceDateStamp(newest)))
                                                     .end(uRow);
-                                                    
+
                                             }
+                                         
                                         }
                                         hgen.end(utable);
                                     }
@@ -316,6 +318,7 @@ public class CredDetail extends Page {
                                         new TextCell(creds.toString(),STYLE_WIDTH_70)
                                     });
                             }
+
                             for (String missing : lns) {
                                 StringWriter buttons = new StringWriter();
                                 HTMLGen hgen = cd.clone(buttons);
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CredHistory.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CredHistory.java
new file mode 100644 (file)
index 0000000..7e3962e
--- /dev/null
@@ -0,0 +1,224 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.auth.gui.pages;
+
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.Comparator;
+import java.util.List;
+
+import org.onap.aaf.auth.env.AuthzEnv;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.gui.AAF_GUI;
+import org.onap.aaf.auth.gui.BreadCrumbs;
+import org.onap.aaf.auth.gui.NamedCode;
+import org.onap.aaf.auth.gui.Page;
+import org.onap.aaf.auth.gui.Table;
+import org.onap.aaf.auth.gui.Table.Cells;
+import org.onap.aaf.auth.gui.table.AbsCell;
+import org.onap.aaf.auth.gui.table.TableData;
+import org.onap.aaf.auth.gui.table.TextCell;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.client.Rcli;
+import org.onap.aaf.cadi.client.Retryable;
+import org.onap.aaf.misc.env.APIException;
+import org.onap.aaf.misc.env.Env;
+import org.onap.aaf.misc.env.Slot;
+import org.onap.aaf.misc.env.TimeTaken;
+import org.onap.aaf.misc.xgen.Cache;
+import org.onap.aaf.misc.xgen.DynamicCode;
+import org.onap.aaf.misc.xgen.html.HTMLGen;
+
+import aaf.v2_0.History;
+import aaf.v2_0.History.Item;
+
+
+public class CredHistory extends Page {
+    static final String NAME="CredHistory";
+    static final String HREF = "/gui/credHistory";
+    static final String FIELDS[] = {"user","dates"};
+
+    
+    public CredHistory(final AAF_GUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+        super(gui.env,NAME,HREF, FIELDS,
+            new BreadCrumbs(breadcrumbs),
+            new Table<AAF_GUI,AuthzTrans>("History", gui.env.newTransNoAvg(),new Model(gui.env),"class=std"),
+            new NamedCode(true, "content") {
+                @Override
+                public void code(final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
+                    final Slot user = gui.env.slot(NAME+".user");
+                    cache.dynamic(hgen, new DynamicCode<HTMLGen, AAF_GUI, AuthzTrans>() {
+                        @Override
+                        public void code(final AAF_GUI gui, final AuthzTrans trans,    final Cache<HTMLGen> cache, final HTMLGen hgen)    throws APIException, IOException {
+                            String obUser = trans.get(user, null);
+                            
+                            // Use Javascript to make the table title more descriptive
+                            hgen.js()
+                            .text("var caption = document.querySelector(\".title\");")
+                            .text("caption.innerHTML='History for User [ " + obUser + " ]';")                        
+                            .done();
+                            
+                            // Use Javascript to change Link Target to our last visited Detail page
+                            String lastPage = CredDetail.HREF + "?role=" + obUser;
+                            hgen.js()
+                                .text("alterLink('roledetail', '"+lastPage + "');")                            
+                                .done();
+                            
+                            hgen.br();
+                            hgen.leaf("a", "href=#advanced_search","onclick=divVisibility('advanced_search');","class=greenbutton").text("Advanced Search").end()
+                                .divID("advanced_search", "style=display:none");
+                            hgen.incr("table");
+                                
+                            addDateRow(hgen,"Start Date");
+                            addDateRow(hgen,"End Date");
+                            hgen.incr("tr").incr("td");
+                            hgen.tagOnly("input", "type=button","value=Get History",
+                                    "onclick=datesURL('"+HREF+"?user=" + obUser+"');","class=greenbutton");
+                            hgen.end().end();
+                            hgen.end();
+                            hgen.end();
+                        }
+                    });
+                }
+            }
+
+            );
+        
+    }
+    
+    private static void addDateRow(HTMLGen hgen, String s) {
+        hgen
+            .incr("tr")
+            .incr("td")
+            .incr("label", "for=month", "required").text(s+"*").end()
+            .end()
+            .incr("td")
+            .incr("select", "name=month"+s.substring(0, s.indexOf(' ')), "id=month"+s.substring(0, s.indexOf(' ')), "required")
+            .incr("option", "value=").text("Month").end();
+        for(NsHistory.Month m : NsHistory.Month.values()) {
+            if (Calendar.getInstance().get(Calendar.MONTH) == m.ordinal()) {
+                hgen.incr("option", "selected", "value="+(m.ordinal()+1)).text(m.name()).end();
+            } else {
+                hgen.incr("option", "value="+(m.ordinal()+1)).text(m.name()).end();
+            }
+        }
+        hgen.end()
+            .end()
+            .incr("td")
+            .tagOnly("input","type=number","id=year"+s.substring(0, s.indexOf(' ')),"required",
+                    "value="+Calendar.getInstance().get(Calendar.YEAR), "min=1900", 
+                    "max="+Calendar.getInstance().get(Calendar.YEAR),
+                    "placeholder=Year").end()
+            .end();
+    }
+    
+    
+    /**
+     * Implement the Table Content for History
+     * 
+     * @author Jonathan
+     *
+     */
+    private static class Model extends TableData<AAF_GUI,AuthzTrans> {
+        private static final String[] headers = new String[] {"Date","User","Memo"};
+        private Slot user;
+        private Slot dates;
+        
+        public Model(AuthzEnv env) {
+            user = env.slot(NAME+".user");
+            dates = env.slot(NAME+".dates");
+        }
+        
+        @Override
+        public String[] headers() {
+            return headers;
+        }
+        
+        @Override
+        public Cells get(final AuthzTrans trans, final AAF_GUI gui) {
+            final String oName = trans.get(user,null);
+            final String oDates = trans.get(dates,null);
+            
+            Cells rv = Cells.EMPTY;
+            if (oName!=null) {
+                
+                try {
+                    rv = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Cells>() {
+                        @Override
+                        public Cells code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+                            ArrayList<AbsCell[]> rv = new ArrayList<>();
+                            TimeTaken tt = trans.start("AAF Get History for credential ["+oName+"]",Env.REMOTE);
+                            String msg = null;
+                            try {
+                                if (oDates != null) {
+                                    client.setQueryParams("yyyymm="+oDates);
+                                }
+                                Future<History> fh = client.read("/authz/hist/subject/"+oName + "/cred",gui.getDF(History.class));
+                                if (fh.get(AAF_GUI.TIMEOUT)) {
+                                    tt.done();
+                                    tt = trans.start("Load History Data", Env.SUB);
+                                    List<Item> histItems = fh.value.getItem();
+                                    
+                                    java.util.Collections.sort(histItems, new Comparator<Item>() {
+                                        @Override
+                                        public int compare(Item o1, Item o2) {
+                                            return o2.getTimestamp().compare(o1.getTimestamp());
+                                        }
+                                    });
+                                    
+                                    for (Item i : histItems) {
+                                        String user = i.getUser();
+                                        AbsCell userCell = new TextCell(user);
+
+                                        String memo = i.getMemo().replace("<script>", "&lt;script&gt;").replace("</script>", "&lt;/script&gt;");
+                                        rv.add(new AbsCell[] {
+                                                new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()),
+                                                userCell,
+                                                new TextCell(memo)
+                                        });
+                                    }
+                                } else {
+                                    if (fh.code()==403) {
+                                        rv.add(new AbsCell[] {new TextCell("You may not view History of Credentiol[" + oName + "]", "colspan = 3", "class=center")});
+                                    } else {
+                                        rv.add(new AbsCell[] {new TextCell("*** Data Unavailable ***", "colspan = 3", "class=center")});
+                                    }
+                                }
+                            } finally {
+                                tt.done();
+                            }    
+                            return new Cells(rv,msg);
+                        }
+                    });
+                } catch (Exception e) {
+                    trans.error().log(e);
+                }
+            }
+            return rv;
+        }
+    }
+
+}
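Review bot: `obUser` comes from the `user` request field and is concatenated unescaped into three script contexts: the `caption.innerHTML='…'` assignment, the `alterLink('roledetail', …)` call and the `onclick=datesURL(…)` attribute. A value containing a quote or markup therefore changes the emitted script or HTML, and a missing parameter renders the text `null`. Validate it once at the top of `code(...)` and render nothing otherwise, e.g. `if (obUser == null || !obUser.matches("[A-Za-z0-9._@-]+")) { return; }` (illustrative pattern; align it with the project's identity rules), and set the caption through `textContent` rather than `innerHTML`. The same unvalidated values reach the backend call in `Model.get` as `"/authz/hist/subject/"+oName + "/cred"` and `"yyyymm="+oDates`, and the memo filter replaces only the literal `<script>` and `</script>`, a deny-list that misses other casings and event-handler attributes. Unless `TextCell` already escapes its content, HTML-escape `<`, `>`, `&` and quotes there and guard against a null `getMemo()`. Separately, `lastPage` uses `?role=` with the `'roledetail'` link id, which looks copied from the role history page, and the 403 message misspells "Credential".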
index 6fc4b5c..463ee11 100644 (file)
@@ -50,7 +50,8 @@ public class Home extends Page {
                //  {"onboard","Onboarding"},
                {"passwd","Password Management","/gui/passwd"},
                {"cui","Command Prompt","/gui/cui"},
-               {"api","AAF API","/gui/api"}
+               {"api","AAF API","/gui/api"},
+               {"clear","Clear Preferences","/gui/clear"}
     };
     
        public Home(final AAF_GUI gui) throws APIException, IOException {
index 16a6c94..6b1c612 100644 (file)
@@ -168,7 +168,7 @@ public class NsDetail extends Page {
                                 }
                                 String historyLink = NsHistory.HREF 
                                         + "?name=" + nsName;
-                                rv.add(new AbsCell[] {new RefCell("See History",historyLink,false)});
+                                rv.add(new AbsCell[] {new RefCell("See History",historyLink,false,"class=greenbutton")});
                             } finally {
                                 tt.done();
                             }
index bca6c92..dc9119b 100644 (file)
@@ -58,7 +58,6 @@ public class NsHistory extends Page {
     static final String NAME="NsHistory";
     static final String HREF = "/gui/nsHistory";
     static final String FIELDS[] = {"name","dates"};
-    static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id=";
     static enum Month { JANUARY, FEBRUARY, MARCH, APRIL, MAY, JUNE, JULY, 
                             AUGUST, SEPTEMBER, OCTOBER, NOVEMBER, DECEMBER };
     
@@ -88,7 +87,7 @@ public class NsHistory extends Page {
                                 .done();
                             
                             hgen.br();
-                            hgen.leaf("a","href=#advanced_search","onclick=divVisibility('advanced_search');").text("Advanced Search").end()
+                            hgen.leaf("a","href=#advanced_search","onclick=divVisibility('advanced_search');","class=greenbutton").text("Advanced Search").end()
                                 .divID("advanced_search", "style=display:none");
                             hgen.incr("table");
                                 
@@ -96,7 +95,7 @@ public class NsHistory extends Page {
                             addDateRow(hgen,"End Date");
                             hgen.incr("tr").incr("td");
                             hgen.tagOnly("input", "type=button","value=Get History",
-                                    "onclick=datesURL('"+HREF+"?name=" + obName+"');");
+                                    "onclick=datesURL('"+HREF+"?name=" + obName+"');","class=greenbutton");
                             hgen.end().end();
                             hgen.end();
                             hgen.end();
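Review bot: `obName` is concatenated straight into a single-quoted JavaScript string inside the `onclick` attribute (`"onclick=datesURL('"+HREF+"?name=" + obName+"');"`), and where `obName` is assigned lies outside this hunk, so whether it is already encoded cannot be confirmed here. If it carries the request's `name` value, a quote character in it would terminate the string early, so it should be encoded for the URL context before it is embedded, e.g. `URLEncoder.encode(obName, "UTF-8")`. The same construction appears in the PermHistory hunk (`type`, `instance`, `action`) and the RoleHistory hunk (`obRole`).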
index 41711db..ae5fe37 100644 (file)
@@ -60,8 +60,7 @@ import aaf.v2_0.Approvals;
 public class PendingRequestsShow extends Page {
     public static final String HREF = "/gui/myrequests";
     public static final String NAME = "MyRequests";
-    static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id=";
-    static final String[] FIELDS = new String[] {"as_user"}; // as_user Checked in Display
+    private static final String[] FIELDS = new String[] {"as_user"}; // as_user Checked in Display
     private static final String AS_USER=NAME+".as_user";
     
     public PendingRequestsShow(final AAF_GUI gui, final Page ... breadcrumbs) throws APIException, IOException {
index 7d31d0e..7bf6447 100644 (file)
@@ -135,7 +135,7 @@ public class PermDetail extends Page {
                                 String historyLink = PermHistory.HREF 
                                         + "?type=" + pType + "&instance=" + pInstance + "&action=" + pAction;
                                 
-                                rv.add(new AbsCell[] {new RefCell("See History",historyLink,false)});
+                                rv.add(new AbsCell[] {new RefCell("See History",historyLink,false,"class=greenbutton")});
                             } else {
                                 rv.add(new AbsCell[] {new TextCell(
                                     fp.code()==HttpStatus.NOT_FOUND_404?
index bbaf419..4c3bd32 100644 (file)
@@ -60,9 +60,6 @@ public class PermHistory extends Page {
     static final String NAME="PermHistory";
     static final String HREF = "/gui/permHistory";
     static final String FIELDS[] = {"type","instance","action","dates"};
-    static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id=";
-    static enum Month { JANUARY, FEBRUARY, MARCH, APRIL, MAY, JUNE, JULY, 
-        AUGUST, SEPTEMBER, OCTOBER, NOVEMBER, DECEMBER };
     
     public PermHistory(final AAF_GUI gui, final Page ... breadcrumbs) throws APIException, IOException {
         super(gui.env,NAME,HREF, FIELDS,
@@ -96,7 +93,7 @@ public class PermHistory extends Page {
                                 .done();
                             
                             hgen.br();
-                            hgen.leaf("a", "href=#advanced_search", "onclick=divVisibility('advanced_search');").text("Advanced Search").end()
+                            hgen.leaf("a", "href=#advanced_search", "onclick=divVisibility('advanced_search');","class=greenbutton").text("Advanced Search").end()
                                 .divID("advanced_search", "style=display:none");
                             hgen.incr("table");
                                 
@@ -106,7 +103,7 @@ public class PermHistory extends Page {
                             hgen.tagOnly("input", "type=button","value=Get History",
                                     "onclick=datesURL('"+HREF+"?type=" + type
                                     + "&instance=" + instance
-                                    + "&action=" + action+"');");
+                                    + "&action=" + action+"');","class=greenbutton");
                             hgen.end().end();
                             hgen.end();
                             hgen.end();
@@ -128,7 +125,7 @@ public class PermHistory extends Page {
             .incr("td")
             .incr("select", "name=month"+s.substring(0, s.indexOf(' ')), "id=month"+s.substring(0, s.indexOf(' ')), "required")
             .incr("option", "value=").text("Month").end();
-        for (Month m : Month.values()) {
+        for (NsHistory.Month m : NsHistory.Month.values()) {
             if (Calendar.getInstance().get(Calendar.MONTH) == m.ordinal()) {
                 hgen.incr("option", "selected", "value="+(m.ordinal()+1)).text(m.name()).end();
             } else {
index bfc258b..f69f487 100644 (file)
@@ -266,7 +266,7 @@ public class RoleDetail extends Page {
                         
                 // History 
                 rv.add(new AbsCell[] {
-                        new RefCell("See History",RoleHistory.HREF + "?role=" + pRole,false)
+                        new RefCell("See History",RoleHistory.HREF + "?role=" + pRole,false,"class=greenbutton")
                     });
             } else {
                 rv.add(new AbsCell[]{
index fdf6f9e..a9f0eeb 100644 (file)
@@ -60,9 +60,7 @@ public class RoleHistory extends Page {
     static final String NAME="RoleHistory";
     static final String HREF = "/gui/roleHistory";
     static final String FIELDS[] = {"role","dates"};
-    static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id=";
-    static enum Month { JANUARY, FEBRUARY, MARCH, APRIL, MAY, JUNE, JULY, 
-        AUGUST, SEPTEMBER, OCTOBER, NOVEMBER, DECEMBER };
+
     
     public RoleHistory(final AAF_GUI gui, final Page ... breadcrumbs) throws APIException, IOException {
         super(gui.env,NAME,HREF, FIELDS,
@@ -90,7 +88,7 @@ public class RoleHistory extends Page {
                                 .done();
                             
                             hgen.br();
-                            hgen.leaf("a", "href=#advanced_search","onclick=divVisibility('advanced_search');").text("Advanced Search").end()
+                            hgen.leaf("a", "href=#advanced_search","onclick=divVisibility('advanced_search');","class=greenbutton").text("Advanced Search").end()
                                 .divID("advanced_search", "style=display:none");
                             hgen.incr("table");
                                 
@@ -98,7 +96,7 @@ public class RoleHistory extends Page {
                             addDateRow(hgen,"End Date");
                             hgen.incr("tr").incr("td");
                             hgen.tagOnly("input", "type=button","value=Get History",
-                                    "onclick=datesURL('"+HREF+"?role=" + obRole+"');");
+                                    "onclick=datesURL('"+HREF+"?role=" + obRole+"');","class=greenbutton");
                             hgen.end().end();
                             hgen.end();
                             hgen.end();
@@ -120,7 +118,7 @@ public class RoleHistory extends Page {
             .incr("td")
             .incr("select", "name=month"+s.substring(0, s.indexOf(' ')), "id=month"+s.substring(0, s.indexOf(' ')), "required")
             .incr("option", "value=").text("Month").end();
-        for (Month m : Month.values()) {
+        for (NsHistory.Month m : NsHistory.Month.values()) {
             if (Calendar.getInstance().get(Calendar.MONTH) == m.ordinal()) {
                 hgen.incr("option", "selected", "value="+(m.ordinal()+1)).text(m.name()).end();
             } else {
index 67f03b2..ca9b3a7 100644 (file)
@@ -350,7 +350,7 @@ div.detail caption {
        color: white;
        font-family: "Lucida Console", Monaco, monospace;
        overflow-y: scroll;
-       height: 300px;
+       height: 600px;
        min-width: 600px;
        padding: 5px;   
        resize: vertical;
index f65c17b..fe4f649 100644 (file)
@@ -29,7 +29,7 @@ function getCommand() {
        cmds = document.querySelector("#command_field").value.split(" ");
        var cleanCmd = "";
        if (document.querySelector("#details_img").getAttribute("class") == "selected") 
-               cleanCmd += "set details=true ";
+               cleanCmd += "details ";
        for (var i = 0; i < cmds.length;i++) {
                var trimmed = cmds[i].trim();
                if (trimmed != "")
@@ -286,7 +286,7 @@ function maximizeConsole(img) {
                content.removeAttribute("class");
                footer.style.display="";
                console_area.style.resize="vertical";
-               console_area.style.height="300px";
+               console_area.style.height="600px";
        }
        selectOption(img,0);
 }
index 6aee85d..d88ed09 100644 (file)
@@ -122,9 +122,13 @@ public class AAF_Hello extends AbsService<AuthzEnv,AuthzTrans> {
             Log4JLogIt logIt = new Log4JLogIt(args, "hello");
             PropAccess propAccess = new PropAccess(logIt,args);
 
-             AAF_Hello service = new AAF_Hello(new AuthzEnv(propAccess));
-            JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service);
-            jss.start();
+            try {
+                new JettyServiceStarter<AuthzEnv,AuthzTrans>(
+                       new AAF_Hello(new AuthzEnv(propAccess)),true)
+                               .start();
+               } catch (Exception e) {
+                   propAccess.log(e);
+               }
         } catch (Exception e) {
             e.printStackTrace();
         }
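Review bot: A failed start is now only logged by the inner `catch (Exception e) { propAccess.log(e); }`, after which `main` appears to return normally, so a supervisor that watches the exit status may not learn that the service never came up; what `start()` does on failure is not visible here. If a non-zero exit is wanted, add `System.exit(1);` after the log call. The same block is added in the AAF_Locate, AAF_OAuth and AAF_Service hunks. The bare `true` passed to `JettyServiceStarter` needs a short comment naming the flag, and the outer `e.printStackTrace()` still bypasses the logger the inner block uses. `main` starts outside this hunk.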
index 26bdb69..26d0cc3 100644 (file)
@@ -241,9 +241,13 @@ public class AAF_Locate extends AbsService<AuthzEnv, AuthzTrans> {
             Log4JLogIt logIt = new Log4JLogIt(args, "locate");
             PropAccess propAccess = new PropAccess(logIt,args);
 
-             AAF_Locate service = new AAF_Locate(new AuthzEnv(propAccess));
-            JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service);
-            jss.start();
+            try {
+                new JettyServiceStarter<AuthzEnv,AuthzTrans>(
+                       new AAF_Locate(new AuthzEnv(propAccess)),true)
+                               .start();
+               } catch (Exception e) {
+                   propAccess.log(e);
+               }
         } catch (Exception e) {
             e.printStackTrace();
         }
index b6e4dfa..829335c 100644 (file)
@@ -22,7 +22,6 @@
 package org.onap.aaf.auth.locate.service;
 
 import java.util.List;
-import java.util.UUID;
 
 import org.onap.aaf.auth.dao.cass.ConfigDAO;
 import org.onap.aaf.auth.dao.cass.ConfigDAO.Data;
@@ -72,27 +71,31 @@ public class LocateServiceImpl<IN,OUT,ERROR>
                 return Result.err(Result.ERR_BadData,v.errs());
             }
             int count = 0;
+            StringBuilder denied = null;
             for (MgmtEndpoint me : meps.getMgmtEndpoint()) {
                 if (permToRegister) { 
                     int dot = me.getName().lastIndexOf('.'); // Note: Validator checks for NS for getName()
-                    AAFPermission p = new AAFPermission(me.getName().substring(0,dot),"locator",me.getName(),"write"); 
-                    if (trans.fish(p)) {
-                        LocateDAO.Data data = mapper.locateData(me);
-                        locateDAO.update(trans, data, true);
-                        ++count;
-                    } else {
-                        return Result.err(Result.ERR_Denied,"May not register service (needs " + p.getKey() + ')');
+                    AAFPermission p = new AAFPermission(me.getName().substring(0,dot),"locator",me.getHostname(),"write"); 
+                    if (!trans.fish(p)) {
+                       if(denied==null) {
+                               denied = new StringBuilder("May not register service(s):");
+                       }
+                       
+                        denied.append("\n\t");
+                        denied.append(p.getKey());
+                        denied.append(')');
+                        continue;
                     }
-                } else { //TODO if (MechID is part of Namespace) { 
-                    LocateDAO.Data data = mapper.locateData(me);
-                    locateDAO.update(trans, data, true);
-                    ++count;
                 }
+                LocateDAO.Data data = mapper.locateData(me);
+                locateDAO.update(trans, data, true);
+                ++count;
             }
             if (count>0) {
                 return Result.ok();
             } else {
-                return Result.err(Result.ERR_NotFound, "No endpoints found");
+                return denied==null?Result.err(Result.ERR_NotFound, "No endpoints found")
+                               :Result.err(Result.ERR_Security,denied.toString());
             }
         }
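Review bot: Refusals collected in `denied` are discarded whenever at least one endpoint succeeds, because `if (count>0) return Result.ok();` runs before `denied` is consulted, whereas the old code failed the request on the first refused permission. A caller that mixes endpoints it may register with ones it may not now receives OK with no trace of the refusals; they should at least be logged or returned, e.g. `if (denied!=null) { return Result.err(Result.ERR_Security,denied.toString()); }` ahead of the `count>0` test. Each entry also gains a stray `)` from `denied.append(')')` with no opening parenthesis, and the permission instance changes from `me.getName()` to `me.getHostname()` without a comment saying why. The deregister hunk that follows has the same dropped-refusal and stray-parenthesis problems. The method starts outside the hunk.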
 
@@ -106,22 +109,31 @@ public class LocateServiceImpl<IN,OUT,ERROR>
                 return Result.err(Result.ERR_BadData,v.errs());
             }
             int count = 0;
+            StringBuilder denied = null;
             for (MgmtEndpoint me : meps.getMgmtEndpoint()) {
-                int dot = me.getName().lastIndexOf('.'); // Note: Validator checks for NS for getName()
-                AAFPermission p = new AAFPermission(me.getName().substring(0,dot),"locator",me.getHostname(),"write"); 
-                if (trans.fish(p)) {
-                    LocateDAO.Data data = mapper.locateData(me);
-                    data.port_key = UUID.randomUUID();
-                    locateDAO.delete(trans, data, false);
-                    ++count;
-                } else {
-                    return Result.err(Result.ERR_Denied,"May not register service (needs " + p.getKey() + ')');
-                }
+                if (permToRegister) { 
+                     int dot = me.getName().lastIndexOf('.'); // Note: Validator checks for NS for getName()
+                     AAFPermission p = new AAFPermission(me.getName().substring(0,dot),"locator",me.getHostname(),"write"); 
+                     if (!trans.fish(p)) {
+                       if(denied==null) {
+                               denied = new StringBuilder("May not deregister service(s):");
+                       }
+                       
+                         denied.append("\n\t");
+                         denied.append(p.getKey());
+                         denied.append(')');
+                         continue;
+                     }
+                 }
+                 LocateDAO.Data data = mapper.locateData(me);
+                 locateDAO.delete(trans, data, true);
+                 ++count;
             }
             if (count>0) {
                 return Result.ok();
             } else {
-                return Result.err(Result.ERR_NotFound, "No endpoints found");
+                return denied==null?Result.err(Result.ERR_NotFound, "No endpoints found")
+                               :Result.err(Result.ERR_Security,denied.toString());
             }
         }
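Review bot: Deregistration is now authorised only when `permToRegister` is set, where the removed lines ran `trans.fish(p)` for every endpoint regardless of that flag. With the flag off, any caller that reaches this method can delete another service's locator entry; if that is meant for test deployments only, say so in a comment, otherwise keep the check unconditional by dropping the `if (permToRegister) {` wrapper around the `trans.fish(p)` block. The hunk also removes `data.port_key = UUID.randomUUID();` and flips the last argument of `locateDAO.delete` from `false` to `true` with no explanation. What sets `permToRegister` is outside the hunk.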
 
index d5a6615..7f38b65 100644 (file)
@@ -192,9 +192,13 @@ public class AAF_OAuth extends AbsService<AuthzEnv,AuthzTrans> {
             Log4JLogIt logIt = new Log4JLogIt(args, "oauth");
             PropAccess propAccess = new PropAccess(logIt,args);
 
-             AAF_OAuth service = new AAF_OAuth(new AuthzEnv(propAccess));
-            JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service);
-            jss.start();
+            try {
+                new JettyServiceStarter<AuthzEnv,AuthzTrans>(
+                       new AAF_OAuth(new AuthzEnv(propAccess)),true)
+                               .start();
+               } catch (Exception e) {
+                   propAccess.log(e);
+               }
         } catch (Exception e) {
             e.printStackTrace();
         }
index 6a63907..333c0fc 100644 (file)
@@ -239,9 +239,13 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> {
             Log4JLogIt logIt = new Log4JLogIt(args, "authz");
             PropAccess propAccess = new PropAccess(logIt,args);
             
-            AbsService<AuthzEnv, AuthzTrans> service = new AAF_Service(new AuthzEnv(propAccess));
-            JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service);
-            jss.start();
+            try {
+                new JettyServiceStarter<AuthzEnv,AuthzTrans>(
+                       new AAF_Service(new AuthzEnv(propAccess)),true)
+                               .start();
+               } catch (Exception e) {
+                   propAccess.log(e);
+               }
         } catch (Exception e) {
             e.printStackTrace();
         }
index 41c433f..1d201f9 100644 (file)
@@ -86,6 +86,7 @@ import org.onap.aaf.auth.service.mapper.Mapper.API;
 import org.onap.aaf.auth.service.validation.ServiceValidator;
 import org.onap.aaf.auth.validation.Validator;
 import org.onap.aaf.cadi.principal.BasicPrincipal;
+import org.onap.aaf.cadi.util.FQI;
 import org.onap.aaf.misc.env.Env;
 import org.onap.aaf.misc.env.TimeTaken;
 import org.onap.aaf.misc.env.util.Chrono;
@@ -2311,17 +2312,11 @@ public class AuthzCassServiceImpl    <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
         @Override
         public Result<?> mayChange() {
             // User can change himself (but not create)
-            if (trans.user().equals(cred.id)) {
-                return Result.ok();
-            }
             if (nsd==null) {
                 nsd = ques.validNSOfDomain(trans, cred.id);
             }
             // Get the Namespace
             if (nsd.isOK()) {
-                if (ques.mayUser(trans, trans.user(), nsd.value,Access.write).isOK()) {
-                    return Result.ok();
-                }
                 String user[] = Split.split('.',trans.user());
                 if (user.length>2) {
                     String company = user[user.length-1] + '.' + user[user.length-2];
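Review bot: The comment `// User can change himself (but not create)` stays at the top of `mayChange()` although the `trans.user().equals(cred.id)` shortcut it described is removed, together with the `ques.mayUser(..., Access.write)` shortcut. Because this changes who may modify a credential, the comment should describe the rule that now applies, for example `// Self-change and NS-write shortcuts removed; access is decided by the checks below`. The rest of the method lies outside the hunk, so which checks remain cannot be confirmed from here.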
@@ -3589,7 +3584,7 @@ public class AuthzCassServiceImpl    <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
         return Result.ok(users);
     }
 
-    /***********************************
+/***********************************
  * HISTORY 
  ***********************************/    
     @Override
@@ -3682,8 +3677,7 @@ public class AuthzCassServiceImpl    <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
     @Override
     public Result<HISTORY> getHistoryByNS(AuthzTrans trans, String ns, int[] yyyymm, final int sort) {
         final Validator v = new ServiceValidator();
-        if (v.nullOrBlank("NS",ns)
-            .err()) { 
+        if (v.nullOrBlank("NS",ns).err()) { 
             return Result.err(Status.ERR_BadData,v.errs());
         }
 
@@ -3703,6 +3697,22 @@ public class AuthzCassServiceImpl    <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
         return mapper.history(trans, resp.value,sort);
     }
 
+    @Override
+    public Result<HISTORY> getHistoryBySubject(AuthzTrans trans, String subject, String target, int[] yyyymm, final int sort) {
+       NsDAO.Data ndd = new NsDAO.Data();
+       ndd.name = FQI.reverseDomain(subject);
+        Result<Data> rnd = ques.mayUser(trans, trans.user(), ndd, Access.read);
+        if (rnd.notOK()) {
+            return Result.err(rnd);    
+        }
+
+        Result<List<HistoryDAO.Data>> resp = ques.historyDAO().readBySubject(trans, subject, target, yyyymm);
+        if (resp.notOK()) {
+            return Result.err(resp);
+        }
+        return mapper.history(trans, resp.value,sort);
+    }
+
 /***********************************
  * DELEGATE 
  ***********************************/
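Review bot: `getHistoryBySubject` skips the `ServiceValidator` null/blank check that `getHistoryByNS` performs in the hunk above, so a null or empty `subject` reaches `FQI.reverseDomain(subject)` and `target` reaches `readBySubject` unchecked. The read-access decision is made only on the namespace derived from `subject`, and `target` takes no part in it, which deserves a comment if it is intended. A guard in the style of the neighbouring method would be `final Validator v = new ServiceValidator();` followed by `if (v.nullOrBlank("subject",subject).nullOrBlank("target",target).err()) { return Result.err(Status.ERR_BadData,v.errs()); }`.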
index a89f64e..61dbbd9 100644 (file)
@@ -636,6 +636,16 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
      */
     public Result<HISTORY> getHistoryByNS(AuthzTrans trans, String subj, int[] yyyymm, int sort);
 
+    /**
+     * 
+     * @param trans
+     * @param target
+     * @param yyyymm
+     * @param sort
+     * @return
+     */
+       public Result<HISTORY> getHistoryBySubject(AuthzTrans trans, String subject, String target, int[] yyyymm, int sort);
+
 /***********************************
  * DELEGATE 
  ***********************************/
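Review bot: The Javadoc added for `getHistoryBySubject` has empty tags and no `@param subject`, so the interface does not say which of `subject` and `target` identifies the entity whose history is read or which one the access check is based on. A summary sentence plus one line per parameter stating that meaning, and an `@return` line describing the failure results, would make the contract reviewable. The tab-indented declaration also breaks the file's space indentation.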
@@ -753,7 +763,4 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
      */
     public void dbReset(AuthzTrans trans);
 
-
-
-
 }
index 2c868d3..ce730ce 100644 (file)
@@ -170,6 +170,33 @@ public class API_History {
                 }
             }
         });
+        
+        /**
+         * Get History by Subject 
+         */
+        authzAPI.route(GET,"/authz/hist/subject/:type/:subject",API.HISTORY,new Code(facade,"Get History by Perm Type", true) {
+            @Override
+            public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+                int[] years;
+                int descend;
+                try {
+                    years = getYears(req);
+                    descend = decending(req);
+                } catch (Exception e) {
+                    context.error(trans, resp, Result.err(Status.ERR_BadData, e.getMessage()));
+                    return;
+                }
+                
+                Result<Void> r = context.getHistoryBySubject(trans, resp, pathParam(req,":type"), pathParam(req,":subject"),years,descend);
+                switch(r.status) {
+                    case OK:
+                        resp.setStatus(HttpStatus.OK_200); 
+                        break;
+                    default:
+                        context.error(trans,resp,r);
+                }
+            }
+        });
     }
 
     // Check if Ascending
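Review bot: The route passes `pathParam(req,":type")` first and `pathParam(req,":subject")` second, and the `AuthzFacade` declaration names those positions `type, subject`, but the AuthzFacadeImpl and service hunks name the same two positions `subject, target`. As written, the value of the `:type` segment is what the service hands to `FQI.reverseDomain(...)` for the namespace read check, which is probably not the intent if the names are accurate; either the argument order or the parameter names should be aligned and the mapping stated in a comment. The route description `"Get History by Perm Type"` also looks copied from another route.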
index 463de35..80e0226 100644 (file)
@@ -235,13 +235,15 @@ public interface AuthzFacade {
      */
     public abstract Result<Void> getHistoryByUser(AuthzTrans trans,    HttpServletResponse resp, String user, int[] yyyymm, final int sort);
     
-    public abstract Result<Void> getHistoryByRole(AuthzTrans trans,    HttpServletResponse resp, String subject, int[] yyyymm, final int sort);
+    public abstract Result<Void> getHistoryByRole(AuthzTrans trans,    HttpServletResponse resp, String role, int[] yyyymm, final int sort);
 
-    public abstract Result<Void> getHistoryByPerm(AuthzTrans trans,    HttpServletResponse resp, String subject, int[] yyyymm, final int sort);
+    public abstract Result<Void> getHistoryByPerm(AuthzTrans trans,    HttpServletResponse resp, String perm, int[] yyyymm, final int sort);
 
-    public abstract Result<Void> getHistoryByNS(AuthzTrans trans,    HttpServletResponse resp, String subject, int[] yyyymm, final int sort);
+    public abstract Result<Void> getHistoryByNS(AuthzTrans trans,    HttpServletResponse resp, String ns, int[] yyyymm, final int sort);
 
-    /*
+    public abstract Result<Void> getHistoryBySubject(AuthzTrans trans, HttpServletResponse resp, String type, String subject, int[] yyyymm, int sort);
+
+       /*
      * Cache 
      */
     public abstract Result<Void> cacheClear(AuthzTrans trans, String pathParam);
index 02fa842..253f91d 100644 (file)
@@ -2274,6 +2274,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
     public static final String GET_HISTORY_ROLE = "getHistoryByRole";
     public static final String GET_HISTORY_PERM = "getHistoryByPerm";
     public static final String GET_HISTORY_NS = "getHistoryByNS";
+    public static final String GET_HISTORY_SUBJECT = "getHistoryBySubject";
     /* (non-Javadoc)
      * @see com.att.authz.facade.AuthzFacade#getHistoryByUser(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
      */
@@ -2447,6 +2448,50 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
         }
     }
 
+    /* (non-Javadoc)
+     * @see com.att.authz.facade.AuthzFacade#getHistoryByUser(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+     */
+    @Override
+    public Result<Void> getHistoryBySubject(AuthzTrans trans, HttpServletResponse resp, String subject, String target, int[] yyyymm, final int sort) {
+        StringBuilder sb = new StringBuilder();
+        sb.append(GET_HISTORY_SUBJECT);
+        sb.append(' ');
+        sb.append(subject);
+        sb.append(" for ");
+        boolean first = true;
+        for (int i : yyyymm) {
+            if (first) {
+                first = false;
+            } else {
+                sb.append(',');
+            }
+            sb.append(i);
+        }
+        TimeTaken tt = trans.start(sb.toString(), Env.SUB|Env.ALWAYS);
+
+        try {
+            Result<HISTORY> rh = service.getHistoryBySubject(trans,subject,target,yyyymm,sort);
+            switch(rh.status) {
+                case OK: 
+                    RosettaData<HISTORY> data = historyDF.newData(trans).load(rh.value);
+                    if (Question.willSpecialLog(trans, trans.user())) {
+                        Question.logEncryptTrace(trans,data.asString());
+                    }
+
+                    data.to(resp.getOutputStream());
+                    setContentType(resp,historyDF.getOutType());
+                    return Result.ok();
+                default:
+                    return Result.err(rh);
+            }
+        } catch (Exception e) {
+            trans.error().log(e,IN,GET_HISTORY_USER);
+            return Result.err(e);
+        } finally {
+            tt.done();
+        }
+    }
+
     public final static String CACHE_CLEAR = "cacheClear "; 
 //    public final static String CACHE_VALIDATE = "validateCache";
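Review bot: The catch block logs with the wrong constant, `trans.error().log(e,IN,GET_HISTORY_USER)`, so failures of this call are attributed to getHistoryByUser in the error log; it should read `trans.error().log(e,IN,GET_HISTORY_SUBJECT);`. The label built in `sb` and passed to `trans.start(...)` contains `subject` but not `target`, so the trace entry does not identify the full query; appending `target` next to `subject` would fix that. The `@see` comment above the method still points at `getHistoryByUser`.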
     
index 5bb8351..b1c8e63 100644 (file)
@@ -1,4 +1,4 @@
-. ../../docker/d.props
+. ../../docker/aaf.props
 IMAGE=onap/aaf/aaf_agent:$VERSION
 
 kubectl -n onap run -it --rm aaf-agent-$USER --image=$IMAGE --overrides='
index 8d43070..3a0a377 100644 (file)
@@ -54,7 +54,7 @@ image:
   # When using Docker Repo, add, and include trailing "/"
   # repository: nexus3.onap.org:10003/
   # repository: localhost:5000/
-  version: 2.1.12-SNAPSHOT
+  version: 2.1.14-SNAPSHOT
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
index 8397619..cf70164 100644 (file)
@@ -1,9 +1,12 @@
-aaf|aaf_env|DEV
-aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:2.1/introspect
-aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:2.1/token
-aaf|aaf_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1
-aaf|cadi_protocols|TLSv1.1,TLSv1.2
-aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-aaf|cm_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1
-aaf|fs_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:2.1
-aaf|gui_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:2.1
+aaf,aaf_cm_url,https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1\r
+aaf,aaf_env,DEV\r
+aaf,aaf_fs_url,https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:2.1\r
+aaf,aaf_gui_url,https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:2.1\r
+aaf,aaf_locate_url,https://aaf.dev.att.com:8095\r
+aaf,aaf_oauth2_introspect_url,https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:2.1/introspect\r
+aaf,aaf_oauth2_token_url,https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:2.1/token\r
+aaf,aaf_oauth_url,https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1\r
+aaf,aaf_root_ns,com.att.aaf\r
+aaf,aaf_url,https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1\r
+aaf,cadi_protocols,"TLSv1.1,TLSv1.2"\r
+aaf,cadi_x509_issuers,"CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US"\r
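Review bot: The new `aaf_locate_url` row pins the locator to `https://aaf.dev.att.com:8095` and the new `aaf_root_ns` row to `com.att.aaf`, which look like one organisation's development values rather than defaults for a shared configuration file; a placeholder in the style of the `AAF_LOCATE_URL` token used by the other rows would avoid shipping them. `cadi_protocols` still enables `TLSv1.1`; if no client depends on it, `aaf,cadi_protocols,"TLSv1.2"` is the safer value. Each added row also ends in a literal `\r`, which suggests the file was saved with CRLF line endings, and the delimiter changes from `|` to `,`, so the loader that reads this file has to accept both changes.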
index be1d392..037ee8b 100644 (file)
@@ -83,6 +83,9 @@ public class AAFPermission implements Permission {
      * If you want a simple field comparison, it is faster without REGEX
      */
     public boolean match(Permission p) {
+       if(p==null) {
+               return false;
+       }
         String aafNS;
         String aafType;
         String aafInstance;
index cbf0339..8b879e4 100644 (file)
@@ -90,10 +90,11 @@ public class RegistrationCreator {
                                }
                                if(specificVersion!=null) {
                                        String split[] = Split.splitTrim('.', specificVersion);
-                                       locate.setPkg(split.length>3?Integer.parseInt(split[3]):0);
-                                       locate.setPatch(split.length>2?Integer.parseInt(split[2]):0);
-                                       locate.setMinor(split.length>1?Integer.parseInt(split[1]):0);
-                                       locate.setMajor(split.length>0?Integer.parseInt(split[0]):0);
+                                       String deply[]= Split.splitTrim('.', access.getProperty(Config.AAF_DEPLOYED_VERSION, ""));
+                                       locate.setMajor(best(split,deply,0));
+                                       locate.setMinor(best(split,deply,1));
+                                       locate.setPatch(best(split,deply,2));
+                                       locate.setPkg(best(split,deply,3));
                                }
 
                                String protocol = access.getProperty(Config.AAF_LOCATOR_PROTOCOL + dot_le, defProtocol);
@@ -131,7 +132,39 @@ public class RegistrationCreator {
        return me;
     }
        
-    private StringBuilder print(StringBuilder sb, List<MgmtEndpoint> lme) {
+    /*
+     * Find the best version between Actual Interface and Deployed version
+     */
+    private int best(String[] split, String[] deploy, int i) {
+       StringBuilder sb = new StringBuilder();
+       char c;
+               String s;
+       if(split.length>i) {
+               s=split[i];
+                       for(int j=0;j<s.length();++j) {
+                               if(Character.isDigit(c=s.charAt(j))) {
+                                       sb.append(c);
+                               } else {
+                                       break;
+                               }
+                       }
+       }       
+               
+               if(sb.length()==0 && deploy.length>i) {
+                       s=deploy[i];
+                       for(int j=0;j<s.length();++j) {
+                               if(Character.isDigit(c=s.charAt(j))) {
+                                       sb.append(c);
+                               } else {
+                                       break;
+                               }
+                       }
+               }
+               
+               return sb.length()==0?0:Integer.parseInt(sb.toString());
+    }
+
+       private StringBuilder print(StringBuilder sb, List<MgmtEndpoint> lme) {
        int cnt = 0;
                for(MgmtEndpoint m : lme) {
                        print(sb,cnt++,m);
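Review bot: The final `Integer.parseInt(sb.toString())` in best() can still throw NumberFormatException, because the digit run collected from `split[i]` or `deploy[i]` has no length limit and a long enough component overflows an int. The two scanning loops are also identical, and the block mixes tabs and spaces, so `char c; String s;` and the closing braces do not line up. Moving the scan into one private helper that returns -1 for "no usable number" removes the duplication and lets an oversized component fall back the same way an empty one does. The block comment could also state that only the leading digits of a component are used and that 0 is returned when neither source has any.
```java
    private int best(String[] split, String[] deploy, int i) {
        int v = leadingInt(split, i);
        if (v < 0) {
            v = leadingInt(deploy, i);
        }
        return v < 0 ? 0 : v;
    }

    // Leading decimal digits of parts[i], or -1 when there are none or they do not fit an int.
    private static int leadingInt(String[] parts, int i) {
        if (parts.length <= i) {
            return -1;
        }
        String s = parts[i];
        int end = 0;
        while (end < s.length() && Character.isDigit(s.charAt(end))) {
            ++end;
        }
        if (end == 0) {
            return -1;
        }
        try {
            return Integer.parseInt(s.substring(0, end));
        } catch (NumberFormatException e) {
            return -1; // digit run too long for an int
        }
    }

    // … unchanged: print(StringBuilder, List<MgmtEndpoint>) …
```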
@@ -155,9 +188,9 @@ public class RegistrationCreator {
                out.append('.');
                out.append(mep.getMinor());
                out.append('.');
-               out.append(mep.getPkg());
-               out.append('.');
                out.append(mep.getPatch());
+               out.append('.');
+               out.append(mep.getPkg());
                out.append("\n\tPort:       ");
                out.append(mep.getPort());
                out.append("\n\tProtocol:   ");
@@ -201,8 +234,8 @@ public class RegistrationCreator {
                out.setLongitude(mep.getLongitude());
                out.setMajor(mep.getMajor());
                out.setMinor(mep.getMinor());
-               out.setPkg(mep.getPkg());
                out.setPatch(mep.getPatch());
+               out.setPkg(mep.getPkg());
                out.setPort(mep.getPort());
                out.setProtocol(mep.getProtocol());
                out.getSpecialPorts().addAll(mep.getSpecialPorts());