* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
* ===========================================================================
+ * Modifications Copyright (C) 2018 IBM.
+ * ============================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
public static final String TABLE = "delegate";
private PSInfo psByDelegate;
+ private static final int KEYLIMIT = 1;
public DelegateDAO(AuthzTrans trans, Cluster cluster, String keyspace) {
super(trans, DelegateDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));
init(trans);
}
- private static final int KEYLIMIT = 1;
+
public static class Data implements Bytification {
- public String user;
- public String delegate;
- public Date expires;
+ public static String user;
+ public static String delegate;
+ public static Date expires;
@Override
public ByteBuffer bytify() throws IOException {
if (sInst.charAt(0)==startChar) { // To compare key-to-key, both strings must be keys
String[] skeys=Split.split(startChar,sInst);
String[] pkeys=Split.split(startChar,pInst);
- if (skeys.length!=pkeys.length) return false;
+ if (pkeys.length<skeys.length) {
+ return false;
+ } else if(pkeys.length > skeys.length &&
+ (skeys.length==0 || !ASTERIX.equals(skeys[skeys.length-1]))) {
+ return false;
+ }
boolean pass = true;
for (int i=1;pass && i<skeys.length;++i) { // We start at 1, because the first one, being ":" is always ""
- if (ASTERIX.equals(skeys[i]))continue; // Server data accepts all for this key spot
+ if (ASTERIX.equals(skeys[i])) {
+ if(i==skeys.length-1) {
+ // accept all after
+ return true;
+ }
+ continue; // Server data accepts all for this key spot
+ }
pass = false;
for (String sItem : Split.split(LIST_SEP,skeys[i])) { // allow for "," definition in Action
if (pkeys[i].length()==0) {
@SuppressWarnings("unused")
PermEval pe = new PermEval();
}
+
+ @Test
+ public void pathTest() {
+ assertTrue(PermEval.evalInstance("/","/"));
+ assertFalse(PermEval.evalInstance("/","/hello"));
+ assertTrue(PermEval.evalInstance("/","/"));
+ assertTrue(PermEval.evalInstance("/onap/so/infra/*/*/*","/onap/so/infra/a/b/c"));
+ assertFalse(PermEval.evalInstance("/onap/so/infra/*","/onap/so/infra"));
+ assertTrue(PermEval.evalInstance("/onap/so/infra/*","/onap/so/infra/a/b/c"));
+ assertTrue(PermEval.evalInstance("/onap/so/infra*","/onap/so/infra"));
+ assertFalse(PermEval.evalInstance("/onap/so/infra*/hello","/onap/so/infra"));
+ assertFalse(PermEval.evalInstance("/onap/so/infra*/hello","/onap/so/infra23"));
+ assertTrue(PermEval.evalInstance("/onap/so/infra*/hello","/onap/so/infra23/hello"));
+ assertFalse(PermEval.evalInstance("/onap/so/*/hello","/onap/so/infra23"));
+ assertFalse(PermEval.evalInstance("/onap/so/*/","/onap/so/infra23"));
+ assertTrue(PermEval.evalInstance("/onap/so/*/","/onap/so/infra23/"));
+ }
+
+
}
Code Review / aaf / authz.git / commitdiff