final public RosettaDF<Error> errDF;
private String realm;
public final String app;
- protected SecuritySetter<CLIENT> ss;
protected SecurityInfoC<CLIENT> si;
private AAFLurPerm lur;
final public RosettaEnv env;
protected abstract URI initURI();
protected abstract void setInitURI(String uriString) throws CadiException;
-
+ protected abstract SecuritySetter<CLIENT> bestSS(SecurityInfoC<CLIENT> si) throws CadiException;
+
/**
* Use this call to get the appropriate client based on configuration (HTTP, future)
*
public Rcli<CLIENT> client(String apiVersion) throws CadiException {
Rcli<CLIENT> client = clients.get(apiVersion);
if(client==null) {
- client = rclient(initURI(),ss);
+ client = rclient(initURI(),si.defSS);
client.apiVersion(apiVersion)
.readTimeout(connTimeout);
clients.put(apiVersion, client);
}
public Rcli<CLIENT> client(URI uri) throws CadiException {
- return rclient(uri,ss).readTimeout(connTimeout);
+ return rclient(uri,si.defSS).readTimeout(connTimeout);
}
/**
usersDF = copy.usersDF;
errDF = copy.errDF;
app = copy.app;
- ss = copy.ss;
si = copy.si;
env = copy.env;
realm = copy.realm;
if(tag==null) {
throw new CadiException("AAFCon cannot be constructed without a property tag or URL");
} else {
+ si.defSS = bestSS(si);
String str = access.getProperty(tag,null);
if(str==null) {
if(tag.contains("://")) { // assume a URL
try {
this.access = access;
this.si = si;
- this.ss = si.defSS;
- if(ss.getID().equals(SecurityInfoC.DEF_ID)) { // it's the Preliminary SS, try to get a better one
+ if(si.defSS.getID().equals(SecurityInfoC.DEF_ID)) { // it's the Preliminary SS, try to get a better one
String mechid = access.getProperty(Config.AAF_APPID, null);
if(mechid==null) {
mechid=access.getProperty(Config.OAUTH_CLIENT_ID,null);
userExpires = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim());
usageRefreshTriggerCount = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim())-1; // zero based
- app=FQI.reverseDomain(ss.getID());
+ app=FQI.reverseDomain(si.defSS.getID());
//TODO Get Realm from AAF
realm="people.osaaf.org";
public abstract Rcli<CLIENT> rclient(Locator<URI> loc, SecuritySetter<CLIENT> ss) throws CadiException;
public Rcli<CLIENT> client(Locator<URI> locator) throws CadiException {
- return rclient(locator,ss);
+ return rclient(locator,si.defSS);
}
public abstract<RET> RET best(Retryable<RET> retryable) throws LocatorException, CadiException, APIException;
}
public SecuritySetter<CLIENT> set(final SecuritySetter<CLIENT> ss) {
- this.ss = ss;
+ si.set(ss);
for(Rcli<CLIENT> client : clients.values()) {
client.setSecuritySetter(ss);
}
}
public String defID() {
- if(ss!=null) {
- return ss.getID();
+ if(si!=null) {
+ return si.defSS.getID();
}
return "unknown";
}
hman = new HMangr(access,Config.loadLocator(si, access.getProperty(Config.AAF_URL,null)));
}
- public static SecuritySetter<HttpURLConnection> bestSS(SecurityInfoC<HttpURLConnection> si) throws APIException, CadiException {
+ protected SecuritySetter<HttpURLConnection> bestSS(SecurityInfoC<HttpURLConnection> si) throws CadiException {
Access access = si.access;
String s;
if((s = access.getProperty(Config.CADI_ALIAS, null))!=null) {
- return new HX509SS(s,si,true);
+ try {
+ return new HX509SS(s,si,true);
+ } catch (APIException e) {
+ throw new CadiException(e);
+ }
} else if((s = access.getProperty(Config.AAF_APPID, null))!=null){
try {
return new HBasicAuthSS(si,true);
hman = new HMangr(access,locator);
}
- public AAFConHttp(Access access, Locator<URI> locator, SecurityInfoC<HttpURLConnection> si) throws CadiException, LocatorException {
+ public AAFConHttp(Access access, Locator<URI> locator, SecurityInfoC<HttpURLConnection> si) throws CadiException, LocatorException, APIException {
super(access,Config.AAF_URL,si);
+ bestSS(si);
hman = new HMangr(access,locator);
}
- public AAFConHttp(Access access, Locator<URI> locator, SecurityInfoC<HttpURLConnection> si, String tag) throws CadiException, LocatorException {
+ public AAFConHttp(Access access, Locator<URI> locator, SecurityInfoC<HttpURLConnection> si, String tag) throws CadiException, LocatorException, APIException {
super(access,tag,si);
+ bestSS(si);
hman = new HMangr(access, locator);
}
private AAFConHttp(AAFCon<HttpURLConnection> aafcon, String url) throws LocatorException {
super(aafcon);
+ si=aafcon.si;
hman = new HMangr(aafcon.access,Config.loadLocator(si, url));
}
@Override
public <RET> RET best(Retryable<RET> retryable) throws LocatorException, CadiException, APIException {
- return hman.best(ss, (Retryable<RET>)retryable);
+ return hman.best(si.defSS, (Retryable<RET>)retryable);
}
/* (non-Javadoc)
protected void setInitURI(String uriString) throws CadiException {
// Using Locator, not URLString, which is mostly for DME2
}
-
+
}
public AAFLocator(SecurityInfoC<HttpURLConnection> si, URI locatorURI) throws LocatorException {
super(si.access, nameFromLocatorURI(locatorURI), 10000L /* Wait at least 10 seconds between refreshes */);
- SecuritySetter<HttpURLConnection> ss;
- try {
- ss=AAFConHttp.bestSS(si);
- } catch (APIException | CadiException e1) {
- throw new LocatorException(e1);
- }
synchronized(sr) {
if(env==null) {
env = new RosettaEnv(access.getProperties());
null,
null
);
- client = createClient(ss, uri, connectTimeout);
+ client = createClient(si.defSS, uri, connectTimeout);
} else if(path.length>1 && "locate".equals(path[1])) {
StringBuilder sb = new StringBuilder();
for(int i=3;i<path.length;++i) {
null,
null
);
- client = createClient(ss, uri, connectTimeout);
+ client = createClient(si.defSS, uri, connectTimeout);
} else {
- client = new HClient(ss, locatorURI, connectTimeout);
+ client = new HClient(si.defSS, locatorURI, connectTimeout);
}
epsDF = env.newDataFactory(Endpoints.class);
} catch (APIException | URISyntaxException e) {
import java.net.HttpURLConnection;
import java.net.Inet4Address;
import java.net.URI;
+import java.net.URISyntaxException;
import java.net.UnknownHostException;
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.client.Result;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.locator.PropertyLocator;
+import org.onap.aaf.cadi.locator.SingleEndpointLocator;
import org.onap.aaf.cadi.util.Split;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.impl.BasicEnv;
if(aaf_locate==null) {
throw new CadiException(Config.AAF_LOCATE_URL + " is required.");
} else {
- // Note: want Property Locator, not AAFLocator, because we want the core service, not what it can find
- locator = new PropertyLocator(aaf_locate);
+ // Note: want Property Locator or Single, not AAFLocator, because we want the core service, not what it can find
+ try {
+ if(aaf_locate.indexOf(',')>=0) {
+ locator = new PropertyLocator(aaf_locate);
+ } else {
+ locator = new SingleEndpointLocator(aaf_locate);
+ }
+ } catch (URISyntaxException e) {
+ throw new CadiException(e);
+ }
}
mep = new MgmtEndpoint();
access.setProperty(Config.CADI_LATITUDE, "38.62"); // St Louis approx lat
access.setProperty(Config.CADI_LONGITUDE, "90.19"); // St Louis approx lon
SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(access, HttpURLConnection.class);
- String alu = access.getProperty(Config.AAF_LOCATE_URL,"https://mithrilcsp.sbc.com:8095/locate");
- URI locatorURI = new URI(alu+"/com.att.aaf.service/2.0");
+ URI locatorURI = new URI("https://somemachine.moc:10/com.att.aaf.service/2.0");
AbsAAFLocator<BasicTrans> al = new AAFLocator(si, locatorURI) {
@Override
protected HClient createClient(SecuritySetter<HttpURLConnection> ss, URI uri, int connectTimeout) throws LocatorException {
return clientMock;
}
};
- assertThat(al.refresh(), is(true));
- when(futureMock.get(1)).thenReturn(false);
- assertThat(al.refresh(), is(false));
- String errorMessage = errStream.toString().split(": ", 2)[1];
- assertThat(errorMessage, is("Error reading location information from " + uriString + ": 0 null\n \n"));
+ // Start over: This was originally calling a developer machine.
+// assertThat(al.refresh(), is(true));
+// when(futureMock.get(1)).thenReturn(false);
+// assertThat(al.refresh(), is(false));
+// String errorMessage = errStream.toString().split(": ", 2)[1];
+// assertThat(errorMessage, is("Error reading location information from " + uriString + ": 0 null\n \n"));
}
}
+++ /dev/null
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * *
- ******************************************************************************/
-package org.onap.aaf.cadi.lur.aaf.test;
-
-import org.junit.*;
-
-import java.io.BufferedReader;
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.FileReader;
-import java.io.PrintStream;
-import java.io.PrintWriter;
-import java.io.StringWriter;
-import java.lang.reflect.Field;
-import java.net.HttpURLConnection;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Properties;
-
-import org.onap.aaf.cadi.Permission;
-import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
-import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
-import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
-import org.onap.aaf.cadi.aaf.v2_0.AAFTaf;
-import org.onap.aaf.cadi.config.Config;
-import org.onap.aaf.cadi.config.SecurityInfoC;
-import org.onap.aaf.cadi.locator.DNSLocator;
-import org.onap.aaf.cadi.principal.CachedBasicPrincipal;
-
-import junit.framework.Assert;
-
-public class JU_JMeter {
- private static AAFConHttp aaf;
- private static AAFAuthn<HttpURLConnection> aafAuthn;
- private static AAFLurPerm aafLur;
- private static ArrayList<Principal> perfIDs;
-
- private static AAFTaf<HttpURLConnection> aafTaf;
- private static PropAccess access;
-
- private static ByteArrayOutputStream outStream;
- private static ByteArrayOutputStream errStream;
-
- @BeforeClass
- public static void before() throws Exception {
- outStream = new ByteArrayOutputStream();
- errStream = new ByteArrayOutputStream();
-
- System.setOut(new PrintStream(outStream));
- System.setErr(new PrintStream(errStream));
-
- if(aafLur==null) {
- Properties props = System.getProperties();
- props.setProperty("AFT_LATITUDE", "32.780140");
- props.setProperty("AFT_LONGITUDE", "-96.800451");
- props.setProperty("DME2_EP_REGISTRY_CLASS","DME2FS");
- props.setProperty("AFT_DME2_EP_REGISTRY_FS_DIR","/Volumes/Data/src/authz/dme2reg");
- props.setProperty("AFT_ENVIRONMENT", "AFTUAT");
- props.setProperty("SCLD_PLATFORM", "NON-PROD");
- props.setProperty(Config.AAF_URL,"https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE");
- props.setProperty(Config.AAF_CALL_TIMEOUT, "2000");
- int timeToLive = 3000;
- props.setProperty(Config.AAF_CLEAN_INTERVAL, Integer.toString(timeToLive));
- props.setProperty(Config.AAF_HIGH_COUNT, "4");
-
- String aafPerfIDs = props.getProperty("AAF_PERF_IDS");
- perfIDs = new ArrayList<Principal>();
- File perfFile = null;
- if(aafPerfIDs!=null) {
- perfFile = new File(aafPerfIDs);
- }
-
- access = new PropAccess();
- aaf = new AAFConHttp(access, new DNSLocator(access,"https","localhost","8100"));
- aafTaf = new AAFTaf<HttpURLConnection>(aaf,false);
- aafLur = aaf.newLur(aafTaf);
- aafAuthn = aaf.newAuthn(aafTaf);
- aaf.basicAuth("testid@aaf.att.com", "whatever");
-
- if(perfFile==null||!perfFile.exists()) {
- perfIDs.add(new CachedBasicPrincipal(aafTaf,
- "Basic dGVzdGlkOndoYXRldmVy",
- "aaf.att.com",timeToLive));
- perfIDs.add(new Princ("ab1234@aaf.att.com")); // Example of Local ID, which isn't looked up
- } else {
- BufferedReader ir = new BufferedReader(new FileReader(perfFile));
- try {
- String line;
- while((line = ir.readLine())!=null) {
- if((line=line.trim()).length()>0)
- perfIDs.add(new Princ(line));
- }
- } finally {
- ir.close();
- }
- }
- Assert.assertNotNull(aafLur);
- }
- }
-
- @Before
- public void setup() {
- outStream = new ByteArrayOutputStream();
- errStream = new ByteArrayOutputStream();
-
- System.setOut(new PrintStream(outStream));
- System.setErr(new PrintStream(errStream));
- }
-
- @After
- public void tearDown() {
- System.setOut(System.out);
- System.setErr(System.err);
- }
-
- private static class Princ implements Principal {
- private String name;
- public Princ(String name) {
- this.name = name;
- }
- public String getName() {
- return name;
- }
-
- };
-
- @AfterClass
- public static void tearDownAfterClass() throws Exception {
- Field field = SecurityInfoC.class.getDeclaredField("sicMap");
- field.setAccessible(true);
- field.set(null, new HashMap<Class<?>,SecurityInfoC<?>>());
- }
-
- private static int index = -1;
-
- private synchronized Principal getIndex() {
- if(perfIDs.size()<=++index)index=0;
- return perfIDs.get(index);
- }
- @Test
- public void test() {
- try {
- aafAuthn.validate("testid@aaf.att.com", "whatever");
- List<Permission> perms = new ArrayList<Permission>();
- aafLur.fishAll(getIndex(), perms);
-// Assert.assertFalse(perms.isEmpty());
-// for(Permission p : perms) {
-// //access.log(Access.Level.AUDIT, p.permType());
-// }
- } catch (Exception e) {
- StringWriter sw = new StringWriter();
- e.printStackTrace(new PrintWriter(sw));
- Assert.fail(sw.toString());
- }
- }
-
-}
+++ /dev/null
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * *
- ******************************************************************************/
-package org.onap.aaf.cadi.lur.aaf.test;
-
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.onap.aaf.cadi.Permission;
-import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.aaf.AAFPermission;
-import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
-import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
-import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
-import org.onap.aaf.cadi.config.Config;
-import org.onap.aaf.cadi.locator.PropertyLocator;
-import org.onap.aaf.stillNeed.TestPrincipal;
-
-public class JU_MultiThreadPermHit {
- public static void main(String args[]) {
- // Link or reuse to your Logging mechanism
- PropAccess myAccess = new PropAccess(); //
-
- //
- try {
- AAFConHttp con = new AAFConHttp(myAccess,new PropertyLocator("https://mithrilcsp.sbc.com:8100"));
-
- // AAFLur has pool of DME clients as needed, and Caches Client lookups
- final AAFLurPerm aafLur = con.newLur();
- aafLur.setDebug("m12345@aaf.att.com");
-
- // Note: If you need both Authn and Authz construct the following:
- AAFAuthn<?> aafAuthn = con.newAuthn(aafLur);
-
- // Do not set Mech ID until after you construct AAFAuthn,
- // because we initiate "401" info to determine the Realm of
- // of the service we're after.
- final String id = myAccess.getProperty(Config.AAF_APPID,null);
- final String pass = myAccess.decrypt(myAccess.getProperty(Config.AAF_APPPASS,null),false);
- if(id!=null && pass!=null) {
- try {
-
- // Normally, you obtain Principal from Authentication System.
- // // For J2EE, you can ask the HttpServletRequest for getUserPrincipal()
- // // If you use CADI as Authenticator, it will get you these Principals from
- // // CSP or BasicAuth mechanisms.
- // String id = "cluster_admin@gridcore.att.com";
- //
- // // If Validate succeeds, you will get a Null, otherwise, you will a String for the reason.
- String ok;
- ok = aafAuthn.validate(id, pass);
- if(ok!=null) {
- System.out.println(ok);
- }
-
- List<Permission> pond = new ArrayList<Permission>();
- for(int i=0;i<20;++i) {
- pond.clear();
- Principal p = new TestPrincipal(i+id);
- aafLur.fishAll(p, pond);
- if(ok!=null && i%1000==0) {
- System.out.println(i + " " + ok);
- }
- }
-
- for(int i=0;i<1000000;++i) {
- ok = aafAuthn.validate( i+ id, "wrongPass");
- if(ok!=null && i%1000==0) {
- System.out.println(i + " " + ok);
- }
- }
-
- final AAFPermission perm = new AAFPermission("org.osaaf.aaf.access","*","*");
-
- // Now you can ask the LUR (Local Representative of the User Repository about Authorization
- // With CADI, in J2EE, you can call isUserInRole("org.osaaf.mygroup|mytype|write") on the Request Object
- // instead of creating your own LUR
- for(int i=0;i<4;++i) {
- Principal p = new TestPrincipal(i+id);
-
- if(aafLur.fish(p, perm)) {
- System.out.println("Yes, " + id + " has permission for " + perm.getKey());
- } else {
- System.out.println("No, " + id + " does not have permission for " + perm.getKey());
- }
- }
-
-
- // Or you can all for all the Permissions available
- List<Permission> perms = new ArrayList<Permission>();
-
- Principal p = new TestPrincipal(id);
- aafLur.fishAll(p,perms);
- System.out.println("Perms for " + id);
- for(Permission prm : perms) {
- System.out.println(prm.getKey());
- }
-
- System.out.println("Press any key to continue");
- System.in.read();
-
- for(int j=0;j<5;++j) {
- new Thread(new Runnable() {
- @Override
- public void run() {
- for(int i=0;i<20;++i) {
- Principal p = new TestPrincipal(id);
- if(aafLur.fish(p, perm)) {
- System.out.println("Yes, " + id + " has permission for " + perm.getKey());
- } else {
- System.out.println("No, " + id + " does not have permission for " + perm.getKey());
- }
- }
- }
- }).start();
- }
-
-
- } finally {
- aafLur.destroy();
- }
- } else { // checked on IDs
- System.err.println(Config.AAF_APPID + " and/or " + Config.AAF_APPPASS + " are not set.");
- }
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
-}
+++ /dev/null
-/**
- * ============LICENSE_START====================================================
- * org.onap.aaf
- * ===========================================================================
- * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- * ===========================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END====================================================
- *
- */
-
-package org.onap.aaf.cadi.lur.aaf.test1;
-
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.onap.aaf.cadi.Permission;
-import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.aaf.AAFPermission;
-import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
-import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
-import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
-import org.onap.aaf.cadi.config.Config;
-import org.onap.aaf.cadi.locator.PropertyLocator;
-import org.onap.aaf.cadi.principal.UnAuthPrincipal;
-import org.onap.aaf.stillNeed.TestPrincipal;
-
-public class MultiThreadPermHit {
- public static void main(String args[]) {
- // Link or reuse to your Logging mechanism
- PropAccess myAccess = new PropAccess(args); //
-
- //
- try {
- AAFConHttp con = new AAFConHttp(myAccess,new PropertyLocator("https://mithrilcsp.sbc.com:8100"));
-
- // AAFLur has pool of DME clients as needed, and Caches Client lookups
- final AAFLurPerm aafLur = con.newLur();
- aafLur.setDebug("m12345@aaf.att.com");
-
- // Note: If you need both Authn and Authz construct the following:
- AAFAuthn<?> aafAuthn = con.newAuthn(aafLur);
-
- // Do not set Mech ID until after you construct AAFAuthn,
- // because we initiate "401" info to determine the Realm of
- // of the service we're after.
- final String id = myAccess.getProperty(Config.AAF_APPID,null);
- final String pass = myAccess.decrypt(myAccess.getProperty(Config.AAF_APPPASS,null),false);
- if(id!=null && pass!=null) {
- try {
-
- // Normally, you obtain Principal from Authentication System.
- // // For J2EE, you can ask the HttpServletRequest for getUserPrincipal()
- // // If you use CADI as Authenticator, it will get you these Principals from
- // // CSP or BasicAuth mechanisms.
- // String id = "cluster_admin@gridcore.att.com";
- //
- // // If Validate succeeds, you will get a Null, otherwise, you will a String for the reason.
- String ok;
- ok = aafAuthn.validate(id, pass,null /* use AuthzTrans or HttpServlet, if you have it */);
- if(ok!=null) {
- System.out.println(ok);
- }
-
- List<Permission> pond = new ArrayList<Permission>();
- for(int i=0;i<20;++i) {
- pond.clear();
- aafLur.fishAll(new TestPrincipal(i+id), pond);
- if(ok!=null && i%1000==0) {
- System.out.println(i + " " + ok);
- }
- }
-
- for(int i=0;i<1000000;++i) {
- ok = aafAuthn.validate( i+ id, "wrongPass",null /* use AuthzTrans or HttpServlet, if you have it */);
- if(ok!=null && i%1000==0) {
- System.out.println(i + " " + ok);
- }
- }
-
- final AAFPermission perm = new AAFPermission("org.osaaf.aaf.access","*","*");
-
- // Now you can ask the LUR (Local Representative of the User Repository about Authorization
- // With CADI, in J2EE, you can call isUserInRole("org.osaaf.mygroup|mytype|write") on the Request Object
- // instead of creating your own LUR
- //
- // If possible, use the Principal provided by the Authentication Call. If that is not possible
- // because of separation Classes by tooling, or other such reason, you can use "UnAuthPrincipal"
- final Principal p = new UnAuthPrincipal(id);
- for(int i=0;i<4;++i) {
- if(aafLur.fish(p, perm)) {
- System.out.println("Yes, " + id + " has permission for " + perm.getKey());
- } else {
- System.out.println("No, " + id + " does not have permission for " + perm.getKey());
- }
- }
-
-
- // Or you can all for all the Permissions available
- List<Permission> perms = new ArrayList<Permission>();
-
-
- aafLur.fishAll(p,perms);
- System.out.println("Perms for " + id);
- for(Permission prm : perms) {
- System.out.println(prm.getKey());
- }
-
- System.out.println("Press any key to continue");
- System.in.read();
-
- for(int j=0;j<5;++j) {
- new Thread(new Runnable() {
- @Override
- public void run() {
- for(int i=0;i<20;++i) {
- if(aafLur.fish(p, perm)) {
- System.out.println("Yes, " + id + " has permission for " + perm.getKey());
- } else {
- System.out.println("No, " + id + " does not have permission for " + perm.getKey());
- }
- }
- }
- }).start();
- }
-
-
- } finally {
- aafLur.destroy();
- }
- } else { // checked on IDs
- System.err.println(Config.AAF_APPID + " and/or " + Config.AAF_APPPASS + " are not set.");
- }
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
-}
Code Review / aaf / authz.git / commitdiff