try {
while(iter.hasNext()) {
row = iter.next();
- Perm pk = new Perm(row.getString(0),row.getString(1),row.getString(2),row.getString(3), row.getString(4), row.getSet(5,String.class));
+ Perm pk = new Perm(
+ row.getString(0),row.getString(1),row.getString(2),
+ row.getString(3), row.getString(4), row.getSet(5,String.class));
keys.put(pk.encode(), pk);
data.put(pk,pk.roles);
}
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
-import java.util.Date;
import java.util.HashSet;
import java.util.Map;
import java.util.Map.Entry;
content.remove(entry.getKey());
//System.out.println("removed Cache Item " + entry.getKey() + "/" + new Date(entry.getValue().access).toString());
}
- for(int i=end;i<size;++i) {
- Entry<String, Content> entry = scont.get(i).entry;
- //System.out.println("remaining Cache Item " + entry.getKey() + "/" + new Date(entry.getValue().access).toString());
- }
+// for(int i=end;i<size;++i) {
+// Entry<String, Content> entry = scont.get(i).entry;
+// //System.out.println("remaining Cache Item " + entry.getKey() + "/" + new Date(entry.getValue().access).toString());
+// }
}
}
}
import java.io.IOException;
import java.io.PrintStream;
-import org.junit.Test;
-
public class JU_AAF_FS {
AuthzEnv aEnv;
AAF_FS aafFs;
import org.onap.aaf.cadi.taf.TafResp;
public class OAuth2FormHttpTafResp extends AbsTafResp implements TafResp {
+ private static final String tafName = DirectOAuthTAF.class.getSimpleName();
private HttpServletResponse httpResp;
private RESP status;
private final boolean wasFailed;
public OAuth2FormHttpTafResp(Access access, OAuth2FormPrincipal principal, String desc, RESP status, HttpServletResponse resp, boolean wasFailed) {
- super(access,principal, desc);
+ super(access,tafName,principal, desc);
httpResp = resp;
this.status = status;
this.wasFailed = wasFailed;
}
public OAuth2FormHttpTafResp(Access access, TrustPrincipal principal, String desc, RESP status,HttpServletResponse resp) {
- super(access,principal, desc);
+ super(access,tafName,principal, desc);
httpResp = resp;
this.status = status;
wasFailed = true; // if Trust Principal added, must be good
public boolean isFailedAttempt() {
return wasFailed;
}
+
}
import org.onap.aaf.cadi.AbsUserCache;
import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Access.Level;
+import org.onap.aaf.cadi.CachedPrincipal.Resp;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.Lur;
import org.onap.aaf.cadi.Permission;
import org.onap.aaf.cadi.User;
-import org.onap.aaf.cadi.Access.Level;
-import org.onap.aaf.cadi.CachedPrincipal.Resp;
import org.onap.aaf.cadi.aaf.AAFPermission;
import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.client.Holder;
import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.cadi.client.Retryable;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.lur.LocalPermission;
+import org.onap.aaf.cadi.util.Timing;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.util.Split;
protected User<AAFPermission> loadUser(final Principal principal) {
final String name = principal.getName();
-// TODO Create a dynamic way to declare domains supported.
final long start = System.nanoTime();
+ final Holder<Float> remote = new Holder<Float>(0f);
+
final boolean[] success = new boolean[]{false};
-// new Exception("loadUser").printStackTrace();
try {
return aaf.best(new Retryable<User<AAFPermission>>() {
@Override
public User<AAFPermission> code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ final long remoteStart = System.nanoTime();
Future<Perms> fp = client.read("/authz/perms/user/"+name,aaf.permsDF);
// In the meantime, lookup User, create if necessary
}
// OK, done all we can, now get content
- if(fp.get(aaf.timeout)) {
+ boolean ok = fp.get(aaf.timeout);
+ remote.set(Timing.millis(remoteStart));
+ if(ok) {
success[0]=true;
Map<String, Permission> newMap = user.newMap();
boolean willLog = aaf.access.willLog(Level.DEBUG);
success[0]=false;
return null;
} finally {
- float time = (System.nanoTime()-start)/1000000f;
- aaf.access.log(Level.INFO, success[0]?"Loaded":"Load Failure",name,"from AAF in",time,"ms");
+ aaf.access.printf(Level.INFO, "AAFLurPerm: %s %s perms from AAF in %f ms, remote=%f",
+ (success[0]?"Loaded":"Load Failure"),name,Timing.millis(start),remote.get());
}
}
- public Resp reload(User<AAFPermission> user) {
+ public Resp reload(final User<AAFPermission> user) {
final String name = user.name;
long start = System.nanoTime();
- boolean success = false;
+ final Holder<Float> remote = new Holder<Float>(0f);
+ final Holder<Boolean> success = new Holder<Boolean>(false);
try {
- Future<Perms> fp = aaf.client(Config.AAF_DEFAULT_VERSION).read(
- "/authz/perms/user/"+name,
- aaf.permsDF
- );
-
- // OK, done all we can, now get content
- if(fp.get(aaf.timeout)) {
- success = true;
- Map<String,Permission> newMap = user.newMap();
- boolean willLog = aaf.access.willLog(Level.DEBUG);
- for(Perm perm : fp.value.getPerm()) {
- user.add(newMap, new AAFPermission(perm.getNs(),perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
- if(willLog) {
- aaf.access.log(Level.DEBUG, name,"has",perm.getType(),perm.getInstance(),perm.getAction());
+ Resp rv = aaf.best(new Retryable<Resp>() {
+ @Override
+ public Resp code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ final long remoteStart = System.nanoTime();
+ Future<Perms> fp = aaf.client(Config.AAF_DEFAULT_VERSION).read(
+ "/authz/perms/user/"+name,
+ aaf.permsDF
+ );
+
+ // OK, done all we can, now get content
+ boolean ok = fp.get(aaf.timeout);
+ remote.set(Timing.millis(remoteStart));
+ if(ok) {
+ success.set(true);
+ Map<String,Permission> newMap = user.newMap();
+ boolean willLog = aaf.access.willLog(Level.DEBUG);
+ for(Perm perm : fp.value.getPerm()) {
+ user.add(newMap, new AAFPermission(perm.getNs(),perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
+ if(willLog) {
+ aaf.access.log(Level.DEBUG, name,"has",perm.getType(),perm.getInstance(),perm.getAction());
+ }
+ }
+ user.renewPerm();
+ return Resp.REVALIDATED;
+ } else {
+ int code;
+ switch(code=fp.code()) {
+ case 401:
+ aaf.access.log(Access.Level.ERROR, code, "Unauthorized to make AAF calls");
+ break;
+ default:
+ aaf.access.log(Access.Level.ERROR, code, fp.body());
+ }
+ return Resp.UNVALIDATED;
}
}
- user.renewPerm();
- return Resp.REVALIDATED;
- } else {
- int code;
- switch(code=fp.code()) {
- case 401:
- aaf.access.log(Access.Level.ERROR, code, "Unauthorized to make AAF calls");
- break;
- default:
- aaf.access.log(Access.Level.ERROR, code, fp.body());
- }
- return Resp.UNVALIDATED;
- }
+ });
+ return rv;
} catch (Exception e) {
aaf.access.log(e,"Calling","/authz/perms/user/"+name);
return Resp.INACCESSIBLE;
} finally {
- float time = (System.nanoTime()-start)/1000000f;
- aaf.access.log(Level.AUDIT, success?"Reloaded":"Reload Failure",name,"from AAF in",time,"ms");
+ aaf.access.printf(Level.INFO, "AAFLurPerm: %s %s perms from AAF in %f ms (remote=%f)",
+ (success.get()?"Reloaded":"Reload Failure"),name,Timing.millis(start),remote.get());
}
}
import org.onap.aaf.cadi.taf.TafResp;
public class OAuth2HttpTafResp extends AbsTafResp implements TafResp {
+ private static final String tafName = OAuth2HttpTaf.class.getSimpleName();
private HttpServletResponse httpResp;
private RESP status;
private final boolean wasFailed;
public OAuth2HttpTafResp(Access access, OAuth2Principal principal, String desc, RESP status, HttpServletResponse resp, boolean wasFailed) {
- super(access,principal, desc);
+ super(access,tafName, principal, desc);
httpResp = resp;
this.status = status;
this.wasFailed = wasFailed;
}
public OAuth2HttpTafResp(Access access, TrustPrincipal principal, String desc, RESP status,HttpServletResponse resp) {
- super(access,principal, desc);
+ super(access,tafName, principal, desc);
httpResp = resp;
this.status = status;
wasFailed = true; // if Trust Principal added, must be good
return wasFailed;
}
-
}
import org.onap.aaf.cadi.lur.EpiLur;
import org.onap.aaf.cadi.principal.TaggedPrincipal;
import org.onap.aaf.cadi.taf.TafResp;
+import org.onap.aaf.cadi.util.Timing;
*/
@Override
public boolean isUserInRole(String perm) {
- return perm==null?false:checkPerm(access,"(HttpRequest)",principal,pconv,lur,perm);
+ return perm==null?false:checkPerm(access,"isUserInRole",principal,pconv,lur,perm);
}
public static boolean checkPerm(Access access, String caller, Principal principal, PermConverter pconv, Lur lur, String perm) {
access.log(Level.AUDIT,caller, "No Principal in Transaction");
return false;
} else {
+ final long start = System.nanoTime();
perm = pconv.convert(perm);
if(lur.fish(principal,lur.createPerm(perm))) {
- access.log(Level.DEBUG,caller, principal.getName(), "has", perm);
+ access.printf(Level.DEBUG,"%s: %s has %s, %f ms", caller, principal.getName(), perm, Timing.millis(start));
return true;
} else {
- access.log(Level.DEBUG,caller, principal.getName(), "does not have", perm);
+ access.printf(Level.DEBUG,"%s: %s does not have %s, %f ms", caller, principal.getName(), perm, Timing.millis(start));
return false;
}
}
import javax.servlet.http.HttpServletResponse;
import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.CadiWrap;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.ServletContextAccess;
import org.onap.aaf.cadi.TrustChecker;
-import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.config.Get;
import org.onap.aaf.cadi.taf.TafResp;
import org.onap.aaf.cadi.taf.TafResp.RESP;
+import org.onap.aaf.cadi.util.Timing;
/**
* CadiFilter
*/
//TODO Always validate changes against Tomcat AbsCadiValve and Jaspi CadiSAM functions
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+ final long startAll = System.nanoTime();
+ long startCode, startValidate;
+ float code=0f, validate=0f;
+ String user = "n/a";
+ String tag = "";
try {
HttpServletRequest hreq = (HttpServletRequest)request;
if(noAuthn(hreq)) {
+ startCode=System.nanoTime();
chain.doFilter(request, response);
+ code = Timing.millis(startCode);
} else {
HttpServletResponse hresp = (HttpServletResponse)response;
+ startValidate=System.nanoTime();
TafResp tresp = httpChecker.validate(hreq, hresp, hreq);
+ validate = Timing.millis(startValidate);
if(tresp.isAuthenticated()==RESP.IS_AUTHENTICATED) {
+ user = tresp.getPrincipal().personalName();
+ tag = tresp.getPrincipal().tag();
CadiWrap cw = new CadiWrap(hreq, tresp, httpChecker.getLur(),getConverter(hreq));
if(httpChecker.notCadi(cw, hresp)) {
+ startCode=System.nanoTime();
oauthFilter.doFilter(cw,response,chain);
+ code = Timing.millis(startCode);
}
- }
+ }
}
} catch (ClassCastException e) {
throw new ServletException("CadiFilter expects Servlet to be an HTTP Servlet",e);
+ } finally {
+ access.printf(Level.WARN, "Trans: user=%s[%s],ip=%s,ms=%f,validate=%f,code=%f",
+ user,tag,request.getRemoteAddr(),
+ Timing.millis(startAll),validate,code);
}
}
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.principal.TaggedPrincipal;
+import org.onap.aaf.cadi.util.Timing;
/**
* AbsTafResp
*/
public abstract class AbsTafResp implements TafResp {
- protected final String desc;
- protected final TaggedPrincipal principal;
protected final Access access;
+ protected final String tafName;
+ protected final TaggedPrincipal principal;
+ protected final String desc;
+ private float timing;
/**
* AbsTafResp
* Access (for access to underlying container, i.e. for Logging, auditing, ClassLoaders, etc)
*
* @param access
+ * @param tafname
* @param principal
* @param description
*/
- public AbsTafResp(Access access, TaggedPrincipal principal, String description) {
+ public AbsTafResp(Access access, String tafname, TaggedPrincipal principal, String description) {
this.access = access;
+ this.tafName = tafname;
this.principal = principal;
this.desc = description;
}
return false;
}
+ @Override
+ public float timing() {
+ return timing;
+ }
+
+ @Override
+ public void timing(final long start) {
+ timing = Timing.millis(start);
+ }
+
+ @Override
+ public String taf() {
+ return tafName;
+ }
+
}
}
try {
for (HttpTaf taf : tafs) {
+ final long start = System.nanoTime();
tresp = taf.validate(reading, req, resp);
- addToLog(log, tresp);
+ addToLog(log, tresp, start);
switch(tresp.isAuthenticated()) {
case TRY_ANOTHER_TAF:
break; // and loop
return Resp.NOT_MINE;
}
- private void addToLog(List<TafResp> log, TafResp tresp) {
+ private void addToLog(List<TafResp> log, final TafResp tresp, final long start) {
if (log == null) {
return;
}
+ tresp.timing(start);
log.add(tresp);
}
return;
}
for (TafResp tresp : log) {
- access.log(Level.DEBUG, tresp.desc());
+ access.printf(Level.DEBUG, "%s: %s, ms=%f", tresp.taf(), tresp.desc(), tresp.timing());
}
}
private final String loginPageURL;
private LoginPageTafResp(Access access, final HttpServletResponse resp, String loginPageURL) {
- super(access, null, "Multiple Possible HTTP Logins available. Redirecting to Login Choice Page");
+ super(access, "LoginPage", null, "Multiple Possible HTTP Logins available. Redirecting to Login Choice Page");
httpResp = resp;
this.loginPageURL = loginPageURL;
}
return NullTafResp.singleton();
}
+
+ @Override
+ public String taf() {
+ return "LoginPage";
+ }
+
}
public boolean isFailedAttempt() {
return true;
}
+
+ @Override
+ public float timing() {
+ return 0;
+ }
+
+ @Override
+ public void timing(long start) {
+ }
+
+ @Override
+ public String taf() {
+ return "NULL";
+ }
+
}
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.principal.TaggedPrincipal;
+import org.onap.aaf.cadi.util.Timing;
/**
* A Punt Resp to make it fast and easy for a Taf to respond that it cannot handle a particular kind of
*
*/
public class PuntTafResp implements TafResp {
+ private final String name;
private final String desc;
+ private float timing;
public PuntTafResp(String name, String explanation) {
- desc = name + " is not processing this transaction: " + explanation;
+ this.name = name;
+ desc = "Not processing this transaction: " + explanation;
}
public boolean isValid() {
public boolean isFailedAttempt() {
return false;
}
+
+ @Override
+ public float timing() {
+ return timing;
+ }
+
+ @Override
+ public void timing(long start) {
+ timing = Timing.millis(start);
+ }
+
+ @Override
+ public String taf() {
+ return name;
+ }
+
}
* Be able to check if part of a Failed attempt
*/
public boolean isFailedAttempt();
+
+ /**
+ * report how long this took
+ * @return
+ */
+ public float timing();
+
+ /**
+ * Set end of timing in Millis, given Nanos
+ * @param start
+ */
+ void timing(long start);
+
+ /**
+ * Support Taf Name
+ */
+ String taf();
}
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.principal.TaggedPrincipal;
+import org.onap.aaf.cadi.util.Timing;
public class TrustNotTafResp implements TafResp {
private final TafResp delegate;
private final String desc;
+ private float timing;
public TrustNotTafResp(final TafResp delegate, final String desc) {
this.delegate = delegate;
public boolean isFailedAttempt() {
return true;
}
+ @Override
+ public float timing() {
+ return timing;
+ }
+
+ @Override
+ public void timing(long start) {
+ timing = Timing.millis(start);
+ }
+ @Override
public String toString() {
return desc();
}
+
+ @Override
+ public String taf() {
+ return "TrustNot";
+ }
+
}
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.principal.TaggedPrincipal;
+import org.onap.aaf.cadi.util.Timing;
public class TrustTafResp implements TafResp {
private final TafResp delegate;
private final TaggedPrincipal principal;
private final String desc;
+ private float timing;
public TrustTafResp(final TafResp delegate, final TaggedPrincipal principal, final String desc) {
this.delegate = delegate;
public boolean isFailedAttempt() {
return delegate.isFailedAttempt();
}
+ @Override
+ public float timing() {
+ return timing;
+ }
+
+ @Override
+ public void timing(long start) {
+ timing = Timing.millis(start);
+ }
public String toString() {
return principal.getName() + " by trust of " + desc();
}
+
+ @Override
+ public String taf() {
+ return "Trust";
+ }
+
}
import org.onap.aaf.cadi.taf.TafResp;
public class BasicHttpTafResp extends AbsTafResp implements TafResp {
+ private static final String tafName = BasicHttpTaf.class.getSimpleName();
private HttpServletResponse httpResp;
private String realm;
private RESP status;
private final boolean wasFailed;
public BasicHttpTafResp(Access access, TaggedPrincipal principal, String description, RESP status, HttpServletResponse resp, String realm, boolean wasFailed) {
- super(access,principal, description);
+ super(access, tafName, principal, description);
httpResp = resp;
this.realm = realm;
this.status = status;
public boolean isFailedAttempt() {
return wasFailed;
}
-
-
}
import org.onap.aaf.cadi.taf.TafResp;
public class X509HttpTafResp extends AbsTafResp implements TafResp {
+ private static final String tafName = X509Taf.class.getSimpleName();
+
private RESP status;
public X509HttpTafResp(Access access, TaggedPrincipal principal, String description, RESP status) {
- super(access, principal, description);
+ super(access, tafName, principal, description);
this.status = status;
}
import org.onap.aaf.cadi.util.Split;
public class X509Taf implements HttpTaf {
-
private static final String CERTIFICATE_NOT_VALID_FOR_AUTHENTICATION = "Certificate NOT valid for Authentication";
public static final CertificateFactory certFactory;
public static final MessageDigest messageDigest;
import org.onap.aaf.cadi.taf.AbsTafResp;
public class DenialOfServiceTafResp extends AbsTafResp {
+ private static final String tafName = DenialOfServiceTaf.class.getSimpleName();
+
private RESP ect; // Homage to Arethra Franklin
public DenialOfServiceTafResp(Access access, RESP resp, String description ) {
- super(access, null, description);
+ super(access, tafName, null, description);
ect = resp;
}
public RESP authenticate() throws IOException {
return ect;
}
+
+ @Override
+ public String taf() {
+ return "DOS";
+ }
+
}
--- /dev/null
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.cadi.util;
+
+public class Timing {
+ public static float millis(final long start) {
+ return (System.nanoTime() - start) / 1000000f;
+ }
+}
import org.junit.Test;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
-import org.onap.aaf.cadi.Permission;
-import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.AbsUserCache;
import org.onap.aaf.cadi.CredVal.Type;
+import org.onap.aaf.cadi.Permission;
+import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.lur.ConfigPrincipal;
import org.onap.aaf.cadi.lur.LocalLur;
import org.onap.aaf.cadi.lur.LocalPermission;
dost = new DenialOfServiceTaf(accessMock);
tafResp = dost.validate(LifeForm.SBLF, reqMock1, respMock);
- assertThat(tafResp.desc(), is("DenialOfServiceTaf is not processing this transaction: This Transaction is not denied"));
+ assertThat(tafResp.desc(), is("Not processing this transaction: This Transaction is not denied"));
+ assertThat(tafResp.taf(), is("DenialOfServiceTaf"));
assertThat(DenialOfServiceTaf.denyIP(ip1), is(true));
assertThat(tafResp.desc(), is(ip1 + " is on the IP Denial list"));
tafResp = dost.validate(LifeForm.SBLF, reqMock2, respMock);
- assertThat(tafResp.desc(), is("DenialOfServiceTaf is not processing this transaction: This Transaction is not denied"));
+ assertThat(tafResp.desc(), is("Not processing this transaction: This Transaction is not denied"));
+ assertThat(tafResp.taf(), is("DenialOfServiceTaf"));
}
@Test
public class JU_AbsTafResp {
+ private static final String JUNIT = "Junit";
private static final String name = "name";
private static final String tag = "tag";
private static final String description = "description";
@Test
public void test() {
- AbsTafResp tafResp = new AbsTafResp(access, taggedPrinc, description) {
+ AbsTafResp tafResp = new AbsTafResp(access, JUNIT, taggedPrinc, description) {
@Override public RESP authenticate() throws IOException {
return null;
}
assertThat(tafResp.isValid(), is(true));
assertThat(tafResp.desc(), is(description));
+ assertThat(tafResp.taf(), is(JUNIT));
assertThat(tafResp.isAuthenticated(), is(RESP.IS_AUTHENTICATED));
assertThat(tafResp.getPrincipal(), is(taggedPrinc));
assertThat(tafResp.getAccess(), is(access));
assertThat(tafResp.isFailedAttempt(), is(false));
- tafResp = new AbsTafResp(null, null, null) {
+ tafResp = new AbsTafResp(null, JUNIT, null, null) {
@Override public RESP authenticate() throws IOException {
return null;
}
assertThat(tafResp.isAuthenticated(), is(RESP.TRY_ANOTHER_TAF));
assertThat(tafResp.getPrincipal(), is(nullValue()));
assertThat(tafResp.getAccess(), is(nullValue()));
+ assertThat(tafResp.taf(), is(JUNIT));
assertThat(tafResp.isFailedAttempt(), is(false));
}
@Override public RESP authenticate() throws IOException { return null; }
@Override public TaggedPrincipal getPrincipal() { return null; }
@Override public Access getAccess() { return null; }
- @Override public boolean isFailedAttempt() { return false; }
+ @Override public boolean isFailedAttempt() { return false; }
+ @Override public float timing() { return 0; }
+ @Override public void timing(long start) {}
+ @Override public String taf() {return "JUnit";}
}
class TryAnotherTaf implements Taf {
@Override public TaggedPrincipal getPrincipal() { return null; }
@Override public Access getAccess() { return null; }
@Override public boolean isFailedAttempt() { return false; }
+ @Override public float timing() { return 0; }
+ @Override public void timing(long start) {}
+ @Override public String taf() {return "JUnit";}
}
class TryAuthenticatingTaf implements Taf {
assertFalse(punt.isValid());
assertThat(punt.isAuthenticated(), is(RESP.TRY_ANOTHER_TAF));
- assertThat(punt.desc(), is(name + " is not processing this transaction: " + explanation));
+ assertThat(punt.desc(), is("Not processing this transaction: " + explanation));
+ assertThat(punt.taf(), is(name));
assertThat(punt.authenticate(), is(RESP.TRY_ANOTHER_TAF));
assertThat(punt.getPrincipal(), is(nullValue()));
assertThat(punt.getAccess(), is(Access.NULL));
=================== =============== ============
CADI Version VERSION Defaults to CADI version of this
AAF's FQDN AAF_FQDN PUBLIC Name for AAF. For ONAP Test, it is 'aaf-onap-test.osaaf.org'
-Deployer's FQI DEPLOY_FQI deployer@people.osaaf.org. In a REAL system, this would be a person or process
+Deployer's FQI DEPLOY_FQI In a REAL system, this would be a person or process. For ONAP Testing, the id is deploy@people.osaaf.org, password (see Dynamic Properties) is 'demo123456!'
App's Root FQDN APP_FQDN This will show up in the Cert Subject, and should be the name given by Docker. i.e. clamp.onap
App's FQI APP_FQI Fully Qualified ID given by Organization and with AAF NS/domain. ex: clamp@clamp.onap.org
App's Volume VOLUME Volume to put the data, see above. ex: clamp_aaf