<module>client</module>
<module>aaf</module>
<module>oauth-enduser</module>
- <module>shiro</module>
- <module>shiro-osgi-bundle</module>
</modules>
<!-- ============================================================== -->
+++ /dev/null
-/target
-/bin/
-/.classpath
-/.settings
-/.project
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>\r
-<!--\r
- * ============LICENSE_START====================================================\r
- * org.onap.aaf\r
- * ===========================================================================\r
- * Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.\r
- * ===========================================================================\r
- * Licensed under the Apache License, Version 2.0 (the "License");\r
- * you may not use this file except in compliance with the License.\r
- * You may obtain a copy of the License at\r
- *\r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- * ============LICENSE_END====================================================\r
- *\r
--->\r
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\r
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">\r
-\r
- <parent>\r
- <groupId>org.onap.aaf.authz</groupId>\r
- <artifactId>cadiparent</artifactId>\r
- <version>2.1.2-SNAPSHOT</version>\r
- <relativePath>..</relativePath>\r
- </parent>\r
- <modelVersion>4.0.0</modelVersion>\r
-\r
- <name>AAF Shiro CADI Plugin</name>\r
- <artifactId>aaf-shiro-aafrealm-osgi-bundle</artifactId>\r
- <packaging>bundle</packaging>\r
-\r
- <properties>\r
- <sonar.skip>true</sonar.skip>\r
- <cadi.shiro.version>2.1.0</cadi.shiro.version>\r
- </properties>\r
-\r
- <build>\r
- <plugins>\r
- <plugin>\r
- <groupId>org.apache.felix</groupId>\r
- <artifactId>maven-bundle-plugin</artifactId>\r
- <version>2.5.4</version>\r
- <extensions>true</extensions>\r
- <configuration>\r
- <instructions>\r
- <Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>\r
- <Bundle-Version>${project.version}</Bundle-Version>\r
- <Export-Package>\r
- org.onap.aaf.cadi.shiro*;version=${cadi.shiro.version}\r
- </Export-Package>\r
- <Import-Package>\r
- javax.servlet,\r
- javax.servlet.http,\r
- org.osgi.service.blueprint;version="[1.0.0,2.0.0)",\r
- javax.net.ssl,\r
- javax.crypto,\r
- javax.crypto.spec,\r
- javax.xml.bind.annotation,\r
- javax.xml.bind,\r
- javax.xml.transform,\r
- javax.xml.datatype,\r
- javax.management,\r
- javax.security.auth,\r
- javax.security.auth.login,\r
- javax.security.auth.callback,\r
- javax.xml.soap,\r
- javax.xml.parsers,\r
- javax.xml.namespace,\r
- org.w3c.dom,\r
- org.xml.sax,\r
- javax.xml.transform.stream\r
- </Import-Package>\r
- <Embed-Dependency>*;scope=compile|runtime;inline=false</Embed-Dependency>\r
- <!-- <Embed-Dependency>*;scope=compile|runtime;artifactId=!shiro-core;inline=false</Embed-Dependency> -->\r
- <Embed-Transitive>true</Embed-Transitive>\r
- <Fragment-Host>org.apache.shiro.core</Fragment-Host>\r
- </instructions>\r
- </configuration>\r
- </plugin>\r
- </plugins>\r
-\r
-\r
- </build>\r
-\r
- <dependencies>\r
- <dependency>\r
- <groupId>org.onap.aaf.authz</groupId>\r
- <artifactId>aaf-cadi-shiro</artifactId>\r
- <version>2.1.0</version>\r
- </dependency>\r
- </dependencies>\r
-</project>
\ No newline at end of file
+++ /dev/null
-/.classpath
-/.settings/
-/target/
-/.project
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- * ============LICENSE_START====================================================
- * org.onap.aaf
- * ===========================================================================
- * Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
- * ===========================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END====================================================
- *
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <parent>
- <groupId>org.onap.aaf.authz</groupId>
- <artifactId>cadiparent</artifactId>
- <version>2.1.2-SNAPSHOT</version>
- <relativePath>..</relativePath>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <name>AAF CADI Shiro Plugin</name>
- <packaging>jar</packaging>
- <artifactId>aaf-cadi-shiro</artifactId>
-
- <properties>
- <!-- SONAR -->
- <sonar.skip>true</sonar.skip>
- <jacoco.version>0.7.7.201606060606</jacoco.version>
- <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version>
- <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin>
- <!-- Default Sonar configuration -->
- <sonar.jacoco.reportPaths>target/code-coverage/jacoco-ut.exec</sonar.jacoco.reportPaths>
- <sonar.jacoco.itReportPaths>target/code-coverage/jacoco-it.exec</sonar.jacoco.itReportPaths>
- <!-- Note: This list should match jacoco-maven-plugin's exclusion list below -->
- <sonar.exclusions>**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**</sonar.exclusions>
- <nexusproxy>https://nexus.onap.org</nexusproxy>
- <snapshotNexusPath>/content/repositories/snapshots/</snapshotNexusPath>
- <releaseNexusPath>/content/repositories/releases/</releaseNexusPath>
- <stagingNexusPath>/content/repositories/staging/</stagingNexusPath>
- <sitePath>/content/sites/site/org/onap/aaf/authz/${project.artifactId}/${project.version}</sitePath>
- </properties>
-
- <developers>
- <developer>
- <name>Jonathan Gathman</name>
- <email>jonathan.gathman@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Architect</role>
- <role>Lead Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Sai Gandham</name>
- <email>sai.gandham@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- </developers>
-
- <dependencies>
- <dependency>
- <groupId>org.onap.aaf.authz</groupId>
- <artifactId>aaf-cadi-aaf</artifactId>
- </dependency>
- <!--<dependency>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-core</artifactId>
- <version>1.4.0</version>
- </dependency> -->
-
- <dependency>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-core</artifactId>
- <version>1.3.2</version>
- </dependency>
-
- </dependencies>
- <build>
- <plugins>
- <plugin>
- <groupId>org.sonatype.plugins</groupId>
- <artifactId>nexus-staging-maven-plugin</artifactId>
- <extensions>true</extensions>
- <configuration>
- <nexusUrl>${nexusproxy}</nexusUrl>
- <stagingProfileId>176c31dfe190a</stagingProfileId>
- <serverId>ecomp-staging</serverId>
- </configuration>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-deploy-plugin</artifactId>
- <configuration>
- <skip>false</skip>
- </configuration>
- </plugin>
- <plugin>
- <groupId>org.jacoco</groupId>
- <artifactId>jacoco-maven-plugin</artifactId>
- <configuration>
- <excludes>
- <exclude>**/gen/**</exclude>
- <exclude>**/generated-sources/**</exclude>
- <exclude>**/yang-gen/**</exclude>
- <exclude>**/pax/**</exclude>
- </excludes>
- </configuration>
- <executions>
- <execution>
- <id>pre-unit-test</id>
- <goals>
- <goal>prepare-agent</goal>
- </goals>
- <configuration>
- <destFile>${project.build.directory}/code-coverage/jacoco-ut.exec</destFile>
- <propertyName>surefireArgLine</propertyName>
- </configuration>
- </execution>
- <execution>
- <id>post-unit-test</id>
- <phase>test</phase>
- <goals>
- <goal>report</goal>
- </goals>
- <configuration>
- <dataFile>${project.build.directory}/code-coverage/jacoco-ut.exec</dataFile>
- <outputDirectory>${project.reporting.outputDirectory}/jacoco-ut</outputDirectory>
- </configuration>
- </execution>
- <execution>
- <id>pre-integration-test</id>
- <phase>pre-integration-test</phase>
- <goals>
- <goal>prepare-agent</goal>
- </goals>
- <configuration>
- <destFile>${project.build.directory}/code-coverage/jacoco-it.exec</destFile>
- <propertyName>failsafeArgLine</propertyName>
- </configuration>
- </execution>
- <execution>
- <id>post-integration-test</id>
- <phase>post-integration-test</phase>
- <goals>
- <goal>report</goal>
- </goals>
- <configuration>
- <dataFile>${project.build.directory}/code-coverage/jacoco-it.exec</dataFile>
- <outputDirectory>${project.reporting.outputDirectory}/jacoco-it</outputDirectory>
- </configuration>
- </execution>
- </executions>
- </plugin>
- </plugins>
-
- </build>
-
- <distributionManagement>
- <repository>
- <id>ecomp-releases</id>
- <name>AAF Release Repository</name>
- <url>${nexusproxy}${releaseNexusPath}</url>
- </repository>
- <snapshotRepository>
- <id>ecomp-snapshots</id>
- <name>AAF Snapshot Repository</name>
- <url>${nexusproxy}${snapshotNexusPath}</url>
- </snapshotRepository>
- <site>
- <id>ecomp-site</id>
- <url>dav:${nexusproxy}${sitePath}</url>
- </site>
- </distributionManagement>
-</project>
+++ /dev/null
-/**
- * ============LICENSE_START====================================================
- * org.onap.aaf
- * ===========================================================================
- * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- * ===========================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END====================================================
- *
- */
-package org.onap.aaf.cadi.shiro;
-
-import java.nio.ByteBuffer;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-
-import org.apache.shiro.authc.AuthenticationInfo;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.authc.UsernamePasswordToken;
-import org.apache.shiro.subject.PrincipalCollection;
-import org.onap.aaf.cadi.Access;
-import org.onap.aaf.cadi.Hash;
-import org.onap.aaf.cadi.Access.Level;
-
-public class AAFAuthenticationInfo implements AuthenticationInfo {
- private static final long serialVersionUID = -1502704556864321020L;
- // We assume that Shiro is doing Memory Only, and this salt is not needed cross process
- private final static int salt = new SecureRandom().nextInt();
-
- private final AAFPrincipalCollection apc;
- private final byte[] hash;
- private Access access;
-
- public AAFAuthenticationInfo(Access access, String username, String password) {
- this.access = access;
- apc = new AAFPrincipalCollection(username);
- hash = getSaltedCred(password);
- }
- @Override
- public byte[] getCredentials() {
- access.log(Level.DEBUG, "AAFAuthenticationInfo.getCredentials");
- return hash;
- }
-
- @Override
- public PrincipalCollection getPrincipals() {
- access.log(Level.DEBUG, "AAFAuthenticationInfo.getPrincipals");
- return apc;
- }
-
- public boolean matches(AuthenticationToken atoken) {
- if(atoken instanceof UsernamePasswordToken) {
- UsernamePasswordToken upt = (UsernamePasswordToken)atoken;
- if(apc.getPrimaryPrincipal().getName().equals(upt.getPrincipal())) {
- byte[] newhash = getSaltedCred(new String(upt.getPassword()));
- if(newhash.length==hash.length) {
- for(int i=0;i<hash.length;++i) {
- if(hash[i]!=newhash[i]) {
- return false;
- }
- }
- return true;
- }
- }
- }
- return false;
- }
-
- private byte[] getSaltedCred(String password) {
- byte[] pbytes = password.getBytes();
- ByteBuffer bb = ByteBuffer.allocate(pbytes.length+Integer.SIZE/8);
- bb.asIntBuffer().put(salt);
- bb.put(password.getBytes());
- try {
- return Hash.hashSHA256(bb.array());
- } catch (NoSuchAlgorithmException e) {
- return new byte[0]; // should never get here
- }
- }
-}
+++ /dev/null
-/**
- * ============LICENSE_START====================================================
- * org.onap.aaf
- * ===========================================================================
- * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- * ===========================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END====================================================
- *
- */
-package org.onap.aaf.cadi.shiro;
-
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-import org.apache.shiro.authz.AuthorizationInfo;
-import org.apache.shiro.authz.Permission;
-import org.onap.aaf.cadi.Access;
-import org.onap.aaf.cadi.Access.Level;
-
-/**
- * We treat "roles" and "permissions" in a similar way for first pass.
- *
- * @author JonathanGathman
- *
- */
-public class AAFAuthorizationInfo implements AuthorizationInfo {
- private static final long serialVersionUID = -4805388954462426018L;
- private Access access;
- private Principal bait;
- private List<org.onap.aaf.cadi.Permission> pond;
- private ArrayList<String> sPerms;
- private ArrayList<Permission> oPerms;
-
- public AAFAuthorizationInfo(Access access, Principal bait, List<org.onap.aaf.cadi.Permission> pond) {
- this.access = access;
- this.bait = bait;
- this.pond = pond;
- sPerms=null;
- oPerms=null;
- }
-
- public Principal principal() {
- return bait;
- }
-
- @Override
- public Collection<Permission> getObjectPermissions() {
- access.log(Level.DEBUG, "AAFAuthorizationInfo.getObjectPermissions");
- synchronized(bait) {
- if(oPerms == null) {
- oPerms = new ArrayList<Permission>();
- for(final org.onap.aaf.cadi.Permission p : pond) {
- oPerms.add(new AAFShiroPermission(p));
- }
- }
- }
- return oPerms;
- }
-
- @Override
- public Collection<String> getRoles() {
- access.log(Level.DEBUG, "AAFAuthorizationInfo.getRoles");
- // Until we decide to make Roles available, tie into String based permissions.
- return getStringPermissions();
- }
-
- @Override
- public Collection<String> getStringPermissions() {
- access.log(Level.DEBUG, "AAFAuthorizationInfo.getStringPermissions");
- synchronized(bait) {
- if(sPerms == null) {
- sPerms = new ArrayList<String>();
- for(org.onap.aaf.cadi.Permission p : pond) {
- sPerms.add(p.getKey());
- }
- }
- }
- return sPerms;
- }
-
-}
+++ /dev/null
-/**
- * ============LICENSE_START====================================================
- * org.onap.aaf
- * ===========================================================================
- * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- * ===========================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END====================================================
- *
- */
-package org.onap.aaf.cadi.shiro;
-
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-import org.apache.shiro.subject.PrincipalCollection;
-
-public class AAFPrincipalCollection implements PrincipalCollection {
- private static final long serialVersionUID = 558246013419818831L;
- private static final Set<String> realmSet;
- private final Principal principal;
- private List<Principal> list=null;
- private Set<Principal> set=null;
-
- static {
- realmSet = new HashSet<String>();
- realmSet.add(AAFRealm.AAF_REALM);
- }
-
- public AAFPrincipalCollection(Principal p) {
- principal = p;
- }
-
- public AAFPrincipalCollection(final String principalName) {
- principal = new Principal() {
- private final String name = principalName;
- @Override
- public String getName() {
- return name;
- }
- };
- }
-
- @Override
- public Iterator<Principal> iterator() {
- return null;
- }
-
- @Override
- public List<Principal> asList() {
- if(list==null) {
- list = new ArrayList<Principal>();
- }
- list.add(principal);
- return list;
- }
-
- @Override
- public Set<Principal> asSet() {
- if(set==null) {
- set = new HashSet<Principal>();
- }
- set.add(principal);
- return set;
- }
-
- @SuppressWarnings("unchecked")
- @Override
- public <T> Collection<T> byType(Class<T> cls) {
- Collection<T> coll = new ArrayList<T>();
- if(cls.isAssignableFrom(Principal.class)) {
- coll.add((T)principal);
- }
- return coll;
- }
-
- @Override
- public Collection<Principal> fromRealm(String realm) {
- if(AAFRealm.AAF_REALM.equals(realm)) {
- return asList();
- } else {
- return new ArrayList<Principal>();
- }
- }
-
- @Override
- public Principal getPrimaryPrincipal() {
- return principal;
- }
-
- @Override
- public Set<String> getRealmNames() {
- return realmSet;
- }
-
- @Override
- public boolean isEmpty() {
- return principal==null;
- }
-
- @SuppressWarnings("unchecked")
- @Override
- public <T> T oneByType(Class<T> cls) {
- if(cls.isAssignableFrom(Principal.class)) {
- return (T)principal;
- }
- return null;
- }
-
-}
+++ /dev/null
-/**
- * ============LICENSE_START====================================================
- * org.onap.aaf
- * ===========================================================================
- * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- * ===========================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END====================================================
- *
- */
-package org.onap.aaf.cadi.shiro;
-
-import java.io.IOException;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.AuthenticationInfo;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.authc.UsernamePasswordToken;
-import org.apache.shiro.realm.AuthorizingRealm;
-import org.apache.shiro.subject.PrincipalCollection;
-import org.onap.aaf.cadi.Access.Level;
-import org.onap.aaf.cadi.CadiException;
-import org.onap.aaf.cadi.LocatorException;
-import org.onap.aaf.cadi.Permission;
-import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
-import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
-import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
-import org.onap.aaf.cadi.config.Config;
-import org.onap.aaf.misc.env.APIException;
-
-public class AAFRealm extends AuthorizingRealm {
- public static final String AAF_REALM = "AAFRealm";
-
- private PropAccess access;
- private AAFCon<?> acon;
- private AAFAuthn<?> authn;
- private HashSet<Class<? extends AuthenticationToken>> supports;
- private AAFLurPerm authz;
-
-
- /**
- *
- * There appears to be no configuration objects or references available for CADI to start with.
- *
- */
- public AAFRealm () {
- access = new PropAccess(); // pick up cadi_prop_files from VM_Args
- String cadi_prop_files = access.getProperty(Config.CADI_PROP_FILES);
- if(cadi_prop_files==null) {
- String msg = Config.CADI_PROP_FILES + " in VM Args is required to initialize AAFRealm.";
- access.log(Level.INIT,msg);
- throw new RuntimeException(msg);
- } else {
- try {
- acon = AAFCon.newInstance(access);
- authn = acon.newAuthn();
- authz = acon.newLur(authn);
- } catch (APIException | CadiException | LocatorException e) {
- String msg = "Cannot initiate AAFRealm";
- access.log(Level.INIT,msg,e.getMessage());
- throw new RuntimeException(msg,e);
- }
- }
- supports = new HashSet<Class<? extends AuthenticationToken>>();
- supports.add(UsernamePasswordToken.class);
- }
-
- @Override
- protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
- access.log(Level.DEBUG, "AAFRealm.doGetAuthenticationInfo",token);
-
- final UsernamePasswordToken upt = (UsernamePasswordToken)token;
- String password=new String(upt.getPassword());
- String err;
- try {
- err = authn.validate(upt.getUsername(),password);
- } catch (IOException|CadiException e) {
- err = "Credential cannot be validated";
- access.log(e, err);
- }
-
- if(err != null) {
- access.log(Level.DEBUG, err);
- throw new AuthenticationException(err);
- }
-
- return new AAFAuthenticationInfo(
- access,
- upt.getUsername(),
- password
- );
- }
-
- @Override
- protected void assertCredentialsMatch(AuthenticationToken atoken, AuthenticationInfo ai)throws AuthenticationException {
- if(ai instanceof AAFAuthenticationInfo) {
- if(!((AAFAuthenticationInfo)ai).matches(atoken)) {
- throw new AuthenticationException("Credentials do not match");
- }
- } else {
- throw new AuthenticationException("AuthenticationInfo is not an AAFAuthenticationInfo");
- }
- }
-
-
- @Override
- protected AAFAuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
- access.log(Level.DEBUG, "AAFRealm.doGetAuthenthorizationInfo");
- Principal bait = (Principal)principals.getPrimaryPrincipal();
- List<Permission> pond = new ArrayList<Permission>();
- authz.fishAll(bait,pond);
-
- return new AAFAuthorizationInfo(access,bait,pond);
-
- }
-
- @Override
- public boolean supports(AuthenticationToken token) {
- return supports.contains(token.getClass());
- }
-
- @Override
- public String getName() {
- return AAF_REALM;
- }
-
-}
+++ /dev/null
-/**
- * ============LICENSE_START====================================================
- * org.onap.aaf
- * ===========================================================================
- * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- * ===========================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END====================================================
- *
- */
-package org.onap.aaf.cadi.shiro;
-
-import org.apache.shiro.authz.Permission;
-
-public class AAFShiroPermission implements Permission {
- private org.onap.aaf.cadi.Permission perm;
- public AAFShiroPermission(org.onap.aaf.cadi.Permission perm) {
- this.perm = perm;
- }
- @Override
- public boolean implies(Permission sp) {
- if(sp instanceof AAFShiroPermission) {
- if(perm.match(((AAFShiroPermission)sp).perm)){
- return true;
- }
- }
- return false;
- }
-
- @Override
- public String toString() {
- return perm.toString();
- }
-
-}
+++ /dev/null
-/**
- * ============LICENSE_START====================================================
- * org.onap.aaf
- * ===========================================================================
- * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- * ===========================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END====================================================
- *
- */
-package org.onap.aaf.cadi.shiro.test;
-
-import java.util.ArrayList;
-
-import org.apache.shiro.authc.AuthenticationInfo;
-import org.apache.shiro.authc.UsernamePasswordToken;
-import org.apache.shiro.authz.AuthorizationInfo;
-import org.apache.shiro.authz.Permission;
-import org.apache.shiro.subject.PrincipalCollection;
-import org.junit.Test;
-import org.onap.aaf.cadi.aaf.AAFPermission;
-import org.onap.aaf.cadi.config.Config;
-import org.onap.aaf.cadi.shiro.AAFRealm;
-import org.onap.aaf.cadi.shiro.AAFShiroPermission;
-
-import junit.framework.Assert;
-
-public class JU_AAFRealm {
-
- // TODO: Ian - fix this test
- // @Test
- // public void test() {
- // // NOTE This is a live test. This JUnit needs to be built with "Mock"
- // try {
- // System.setProperty(Config.CADI_PROP_FILES, "/opt/app/osaaf/etc/org.osaaf.common.props");
- // TestAAFRealm ar = new TestAAFRealm();
-
- // UsernamePasswordToken upt = new UsernamePasswordToken("jonathan@people.osaaf.org", "new2You!");
- // AuthenticationInfo ani = ar.authn(upt);
-
- // AuthorizationInfo azi = ar.authz(ani.getPrincipals());
- // // Change this to something YOU have, Sai...
-
- // testAPerm(true,azi,"org.access","something","*");
- // testAPerm(false,azi,"org.accessX","something","*");
- // } catch (Throwable t) {
- // t.printStackTrace();
- // Assert.fail();
- // }
- // }
-
- private void testAPerm(boolean expect,AuthorizationInfo azi, String type, String instance, String action) {
-
- AAFShiroPermission testPerm = new AAFShiroPermission(new AAFPermission(type,instance,action,new ArrayList<String>()));
-
- boolean any = false;
- for(Permission p : azi.getObjectPermissions()) {
- if(p.implies(testPerm)) {
- any = true;
- }
- }
- if(expect) {
- Assert.assertTrue(any);
- } else {
- Assert.assertFalse(any);
- }
-
-
- }
-
- /**
- * Note, have to create a derived class, because "doGet"... are protected
- */
- private class TestAAFRealm extends AAFRealm {
- public AuthenticationInfo authn(UsernamePasswordToken upt) {
- return doGetAuthenticationInfo(upt);
- }
- public AuthorizationInfo authz(PrincipalCollection pc) {
- return doGetAuthorizationInfo(pc);
- }
-
- }
-}
Code Review / aaf / authz.git / commitdiff