From 0ed473b17619d749bbdf56ad17199e71fb04c2be Mon Sep 17 00:00:00 2001 From: Instrumental Date: Mon, 26 Mar 2018 14:09:21 -0700 Subject: [PATCH] AT&T 2.0.19 Code drop, stage 5 Issue-ID: AAF-197 Change-Id: I81dd2a8fd8cd4d4771e390609909c86ac09b7dac Signed-off-by: Instrumental --- authz-cass/pom.xml | 248 -- authz-cass/src/main/cql/ecomp.cql | 118 - authz-cass/src/main/cql/init.cql | 212 -- .../src/main/java/org/onap/aaf/dao/AbsCassDAO.java | 497 --- .../main/java/org/onap/aaf/dao/Bytification.java | 31 - .../src/main/java/org/onap/aaf/dao/CIDAO.java | 52 - .../src/main/java/org/onap/aaf/dao/Cacheable.java | 34 - .../src/main/java/org/onap/aaf/dao/Cached.java | 198 - .../src/main/java/org/onap/aaf/dao/CachedDAO.java | 229 -- .../src/main/java/org/onap/aaf/dao/CassAccess.java | 220 -- .../main/java/org/onap/aaf/dao/CassDAOImpl.java | 328 -- authz-cass/src/main/java/org/onap/aaf/dao/DAO.java | 44 - .../main/java/org/onap/aaf/dao/DAOException.java | 52 - .../src/main/java/org/onap/aaf/dao/DAO_RO.java | 71 - .../src/main/java/org/onap/aaf/dao/Loader.java | 214 -- .../src/main/java/org/onap/aaf/dao/Streamer.java | 32 - .../src/main/java/org/onap/aaf/dao/Touchable.java | 27 - .../org/onap/aaf/dao/aaf/cached/CachedCertDAO.java | 55 - .../org/onap/aaf/dao/aaf/cached/CachedCredDAO.java | 67 - .../org/onap/aaf/dao/aaf/cached/CachedNSDAO.java | 34 - .../org/onap/aaf/dao/aaf/cached/CachedPermDAO.java | 125 - .../org/onap/aaf/dao/aaf/cached/CachedRoleDAO.java | 107 - .../onap/aaf/dao/aaf/cached/CachedUserRoleDAO.java | 117 - .../org/onap/aaf/dao/aaf/cass/ApprovalDAO.java | 206 - .../java/org/onap/aaf/dao/aaf/cass/ArtiDAO.java | 267 -- .../org/onap/aaf/dao/aaf/cass/CacheInfoDAO.java | 464 --- .../org/onap/aaf/dao/aaf/cass/CacheableData.java | 36 - .../java/org/onap/aaf/dao/aaf/cass/CertDAO.java | 244 -- .../java/org/onap/aaf/dao/aaf/cass/CredDAO.java | 258 -- .../org/onap/aaf/dao/aaf/cass/DelegateDAO.java | 139 - .../java/org/onap/aaf/dao/aaf/cass/FutureDAO.java | 183 - .../java/org/onap/aaf/dao/aaf/cass/HistoryDAO.java | 237 -- .../java/org/onap/aaf/dao/aaf/cass/Namespace.java | 151 - .../main/java/org/onap/aaf/dao/aaf/cass/NsDAO.java | 542 --- .../java/org/onap/aaf/dao/aaf/cass/NsSplit.java | 62 - .../java/org/onap/aaf/dao/aaf/cass/NsType.java | 74 - .../java/org/onap/aaf/dao/aaf/cass/PermDAO.java | 502 --- .../java/org/onap/aaf/dao/aaf/cass/RoleDAO.java | 412 -- .../java/org/onap/aaf/dao/aaf/cass/Status.java | 88 - .../org/onap/aaf/dao/aaf/cass/UserRoleDAO.java | 320 -- .../java/org/onap/aaf/dao/aaf/hl/CassExecutor.java | 74 - .../java/org/onap/aaf/dao/aaf/hl/Function.java | 1574 -------- .../java/org/onap/aaf/dao/aaf/hl/PermLookup.java | 184 - .../java/org/onap/aaf/dao/aaf/hl/Question.java | 1087 ------ .../org/onap/aaf/dao/session/SessionFilter.java | 142 - .../org/onap/aaf/authz/cass/hl/JU_Question.java | 500 --- .../src/test/java/org/onap/aaf/dao/JU_Cached.java | 127 - .../test/java/org/onap/aaf/dao/JU_CachedDAO.java | 66 - .../test/java/org/onap/aaf/dao/JU_CassAccess.java | 74 - .../test/java/org/onap/aaf/dao/JU_CassDAOImpl.java | 97 - .../java/org/onap/aaf/dao/JU_DAOException.java | 50 - .../java/org/onap/aaf/dao/aaf/test/AbsJUCass.java | 200 - .../org/onap/aaf/dao/aaf/test/JU_ApprovalDAO.java | 147 - .../java/org/onap/aaf/dao/aaf/test/JU_ArtiDAO.java | 137 - .../org/onap/aaf/dao/aaf/test/JU_Bytification.java | 266 -- .../org/onap/aaf/dao/aaf/test/JU_CacheInfoDAO.java | 65 - .../java/org/onap/aaf/dao/aaf/test/JU_CertDAO.java | 105 - .../java/org/onap/aaf/dao/aaf/test/JU_CredDAO.java | 252 -- .../org/onap/aaf/dao/aaf/test/JU_DelegateDAO.java | 107 - .../org/onap/aaf/dao/aaf/test/JU_FastCalling.java | 91 - .../org/onap/aaf/dao/aaf/test/JU_HistoryDAO.java | 154 - .../java/org/onap/aaf/dao/aaf/test/JU_NsDAO.java | 187 - .../java/org/onap/aaf/dao/aaf/test/JU_NsType.java | 59 - .../java/org/onap/aaf/dao/aaf/test/JU_PermDAO.java | 176 - .../java/org/onap/aaf/dao/aaf/test/JU_RoleDAO.java | 139 - .../org/onap/aaf/dao/aaf/test/NS_ChildUpdate.java | 74 - authz-cass/src/test/resources/cadi.properties | 52 - authz-client/pom.xml | 277 -- authz-client/src/main/xsd/aaf_2_0.xsd | 467 --- authz-client/src/main/xsd/certman_1_0.xsd | 131 - authz-fs/pom.xml | 213 -- authz-fs/src/main/config/FileServer.props | 20 - authz-fs/src/main/config/log4j.properties | 90 - authz-fs/src/main/config/lrm-authz-fs.xml | 82 - authz-fs/src/main/data/test.html | 42 - .../java/org/onap/aaf/authz/fs/FileServer.java | 156 - .../java/org/onap/aaf/authz/fs/JU_FileServer.java | 83 - authz-gui/pom.xml | 277 -- authz-gui/src/main/config/authGUI.props | 34 - authz-gui/src/main/config/log4j.properties | 57 - authz-gui/src/main/config/lrm-authz-gui.xml | 64 - authz-gui/src/main/java/com/att/authz/cui/CUI.java | 65 - .../src/main/java/com/att/authz/gui/AuthGUI.java | 319 -- .../main/java/com/att/authz/gui/BreadCrumbs.java | 37 - .../src/main/java/com/att/authz/gui/Controls.java | 27 - .../src/main/java/com/att/authz/gui/Display.java | 122 - .../src/main/java/com/att/authz/gui/Form.java | 51 - .../src/main/java/com/att/authz/gui/NamedCode.java | 31 - .../src/main/java/com/att/authz/gui/Page.java | 292 -- .../src/main/java/com/att/authz/gui/Table.java | 149 - .../main/java/com/att/authz/gui/pages/ApiDocs.java | 304 -- .../java/com/att/authz/gui/pages/ApiExample.java | 122 - .../com/att/authz/gui/pages/ApprovalAction.java | 108 - .../java/com/att/authz/gui/pages/ApprovalForm.java | 262 -- .../main/java/com/att/authz/gui/pages/Home.java | 59 - .../java/com/att/authz/gui/pages/LoginLanding.java | 97 - .../att/authz/gui/pages/LoginLandingAction.java | 47 - .../java/com/att/authz/gui/pages/NsDetail.java | 223 -- .../java/com/att/authz/gui/pages/NsHistory.java | 210 -- .../java/com/att/authz/gui/pages/NsInfoAction.java | 140 - .../java/com/att/authz/gui/pages/NsInfoForm.java | 144 - .../main/java/com/att/authz/gui/pages/NssShow.java | 123 - .../com/att/authz/gui/pages/PassChangeAction.java | 138 - .../com/att/authz/gui/pages/PassChangeForm.java | 68 - .../att/authz/gui/pages/PendingRequestsShow.java | 174 - .../java/com/att/authz/gui/pages/PermDetail.java | 138 - .../com/att/authz/gui/pages/PermGrantAction.java | 117 - .../com/att/authz/gui/pages/PermGrantForm.java | 139 - .../java/com/att/authz/gui/pages/PermHistory.java | 223 -- .../java/com/att/authz/gui/pages/PermsShow.java | 99 - .../com/att/authz/gui/pages/RequestDetail.java | 176 - .../java/com/att/authz/gui/pages/RoleDetail.java | 130 - .../java/com/att/authz/gui/pages/RoleHistory.java | 208 - .../java/com/att/authz/gui/pages/RolesShow.java | 119 - .../com/att/authz/gui/pages/UserRoleExtend.java | 81 - .../com/att/authz/gui/pages/UserRoleRemove.java | 79 - .../java/com/att/authz/gui/pages/WebCommand.java | 101 - .../main/java/com/att/authz/gui/table/AbsCell.java | 27 - .../java/com/att/authz/gui/table/ButtonCell.java | 27 - .../java/com/att/authz/gui/table/RadioCell.java | 29 - .../main/java/com/att/authz/gui/table/RefCell.java | 35 - .../com/att/authz/gui/table/TextAndRefCell.java | 25 - .../java/com/att/authz/gui/table/TextCell.java | 31 - authz-gui/theme/AAF_details.png | Bin 650 -> 0 bytes authz-gui/theme/AAF_font_size.png | Bin 1280 -> 0 bytes authz-gui/theme/AAF_maximize.png | Bin 593 -> 0 bytes authz-gui/theme/AAFdownload.png | Bin 1834 -> 0 bytes authz-gui/theme/AAFemail.png | Bin 2277 -> 0 bytes authz-gui/theme/aaf5.css | 524 --- authz-gui/theme/aaf5Desktop.css | 92 - authz-gui/theme/aaf5iPhone.css | 38 - authz-gui/theme/aafOldIE.css | 162 - authz-gui/theme/aaf_1_0.xsd | 150 - authz-gui/theme/aaf_2_0.xsd | 394 -- authz-gui/theme/comm.js | 24 - authz-gui/theme/common.js | 104 - authz-gui/theme/console.js | 275 -- authz-gui/theme/favicon.ico | Bin 3638 -> 0 bytes authz-gui/theme/options_down.png | Bin 833 -> 0 bytes authz-gui/theme/options_up.png | Bin 826 -> 0 bytes authz-gui/theme/t_bubbles.jpg | Bin 9157 -> 0 bytes authz-gw/pom.xml | 223 -- authz-gw/src/main/config/authGW.props | 33 - authz-gw/src/main/config/log4j.properties | 79 - authz-gw/src/main/config/lrm-authz-gw.xml | 82 - .../src/main/java/org/onap/aaf/authz/gw/GwAPI.java | 248 -- .../main/java/org/onap/aaf/authz/gw/GwCode.java | 45 - .../org/onap/aaf/authz/gw/api/API_AAFAccess.java | 363 -- .../java/org/onap/aaf/authz/gw/api/API_Api.java | 99 - .../java/org/onap/aaf/authz/gw/api/API_Find.java | 87 - .../java/org/onap/aaf/authz/gw/api/API_Proxy.java | 156 - .../java/org/onap/aaf/authz/gw/api/API_TGuard.java | 75 - .../org/onap/aaf/authz/gw/facade/GwFacade.java | 74 - .../onap/aaf/authz/gw/facade/GwFacadeFactory.java | 48 - .../org/onap/aaf/authz/gw/facade/GwFacadeImpl.java | 258 -- .../org/onap/aaf/authz/gw/facade/GwFacade_1_0.java | 40 - .../java/org/onap/aaf/authz/gw/mapper/Mapper.java | 33 - .../org/onap/aaf/authz/gw/mapper/Mapper_1_0.java | 69 - .../org/onap/aaf/authz/gw/service/GwService.java | 29 - .../onap/aaf/authz/gw/service/GwServiceImpl.java | 40 - authz-gw/src/main/xsd/gw_1_0.xsd | 103 - .../test/java/org/onap/aaf/authz/gw/JU_GwAPI.java | 51 - authz-service/pom.xml | 574 --- authz-service/src/main/assemble/swm.xml | 35 - authz-service/src/main/config/log4j.properties | 99 - .../src/main/config/lrm-authz-service.xml | 82 - .../java/org/onap/aaf/authz/cadi/DirectAAFLur.java | 170 - .../org/onap/aaf/authz/cadi/DirectAAFUserPass.java | 74 - .../onap/aaf/authz/cadi/DirectCertIdentity.java | 79 - .../org/onap/aaf/authz/facade/AuthzFacade.java | 263 -- .../onap/aaf/authz/facade/AuthzFacadeFactory.java | 57 - .../org/onap/aaf/authz/facade/AuthzFacadeImpl.java | 2565 ------------- .../org/onap/aaf/authz/facade/AuthzFacade_2_0.java | 65 - .../java/org/onap/aaf/authz/service/AuthAPI.java | 330 -- .../aaf/authz/service/AuthzCassServiceImpl.java | 3973 -------------------- .../org/onap/aaf/authz/service/AuthzService.java | 748 ---- .../main/java/org/onap/aaf/authz/service/Code.java | 45 - .../java/org/onap/aaf/authz/service/MayChange.java | 33 - .../org/onap/aaf/authz/service/api/API_Api.java | 93 - .../onap/aaf/authz/service/api/API_Approval.java | 108 - .../org/onap/aaf/authz/service/api/API_Creds.java | 278 -- .../onap/aaf/authz/service/api/API_Delegate.java | 154 - .../onap/aaf/authz/service/api/API_History.java | 239 -- .../org/onap/aaf/authz/service/api/API_Mgmt.java | 275 -- .../org/onap/aaf/authz/service/api/API_NS.java | 397 -- .../org/onap/aaf/authz/service/api/API_Perms.java | 292 -- .../org/onap/aaf/authz/service/api/API_Roles.java | 314 -- .../org/onap/aaf/authz/service/api/API_User.java | 134 - .../onap/aaf/authz/service/api/API_UserRole.java | 182 - .../org/onap/aaf/authz/service/mapper/Mapper.java | 123 - .../onap/aaf/authz/service/mapper/Mapper_2_0.java | 791 ---- .../aaf/authz/service/validation/Validator.java | 386 -- .../envContext=DEV/routeOffer=BAU_SE.txt | 8 - .../main/resources/docker-compose/data/ecomp.cql | 169 - .../resources/docker-compose/data/identities.dat | 7 - .../resources/docker-compose/data/identities.idx | Bin 56 -> 0 bytes .../main/resources/docker-compose/data/init.cql | 242 -- .../resources/docker-compose/data2/identities.dat | 9 - .../resources/docker-compose/docker-compose.yml | 58 - .../main/resources/docker-compose/startupaaf.sh | 34 - .../src/main/resources/docker-compose/sysctl.conf | 3 - .../resources/docker-compose/wait_for_host_port.sh | 17 - authz-service/src/main/resources/docker/Dockerfile | 9 - .../src/main/resources/docker/authAPI.props | 35 - .../main/resources/docker/com.osaaf.common.props | 81 - .../src/main/resources/docker/com.osaaf.props | 9 - authz-service/src/main/resources/docker/startup.sh | 34 - authz-service/src/main/resources/etc/authAPI.props | 35 - .../src/main/resources/etc/com.osaaf.common.props | 81 - .../src/main/resources/etc/com.osaaf.props | 9 - authz-service/src/main/sample/authAPI.props | 30 - authz-service/src/main/sample/log4j.properties | 85 - authz-service/src/main/swm/common/deinstall.sh | 40 - authz-service/src/main/swm/common/install.sh | 252 -- .../src/main/swm/deinstall/postproc/post_proc | 7 - .../src/main/swm/deinstall/preproc/pre_proc | 3 - authz-service/src/main/swm/descriptor.xml | 51 - .../src/main/swm/fallback/postproc/post_proc | 6 - .../src/main/swm/fallback/preproc/pre_proc | 6 - .../src/main/swm/initinst/postproc/post_proc | 6 - .../src/main/swm/initinst/preproc/pre_proc | 7 - .../src/main/swm/install/postproc/post_proc | 7 - .../src/main/swm/install/preproc/pre_proc | 7 - authz-service/src/main/swm/packageNotes.txt | 32 - .../org/onap/aaf/authz/cadi/JU_DirectAAFLur.java | 66 - .../onap/aaf/authz/cadi/JU_DirectAAFUserPass.java | 74 - .../onap/aaf/authz/cadi/JU_DirectCertIdentity.java | 72 - .../org/onap/aaf/authz/service/JU_AuthAPI.java | 75 - .../org/onap/aaf/authz/service/api/JU_API_Api.java | 61 - .../aaf/authz/service/api/JU_API_Approval.java | 63 - .../onap/aaf/authz/service/api/JU_API_Creds.java | 75 - .../aaf/authz/service/api/JU_API_Delegate.java | 57 - .../onap/aaf/authz/service/api/JU_API_History.java | 63 - .../onap/aaf/authz/service/api/JU_API_Mgmt.java | 60 - .../org/onap/aaf/authz/service/api/JU_API_NS.java | 52 - .../onap/aaf/authz/service/api/JU_API_Perms.java | 69 - .../onap/aaf/authz/service/api/JU_API_Roles.java | 58 - .../onap/aaf/authz/service/api/JU_API_User.java | 58 - .../aaf/authz/service/api/JU_API_UserRole.java | 54 - .../aaf/authz/service/mapper/JU_Mapper_2_0.java | 163 - .../onap/aaf/authz/service/test/JU_Validator.java | 159 - .../aaf/authz/service/validation/JU_Validator.java | 219 -- authz-service/start.sh | 21 - 243 files changed, 40426 deletions(-) delete mode 100644 authz-cass/pom.xml delete mode 100644 authz-cass/src/main/cql/ecomp.cql delete mode 100644 authz-cass/src/main/cql/init.cql delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/AbsCassDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/Bytification.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/CIDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/Cacheable.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/Cached.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/CachedDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/CassAccess.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/CassDAOImpl.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/DAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/DAOException.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/DAO_RO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/Loader.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/Streamer.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/Touchable.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedCertDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedCredDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedNSDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedPermDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedRoleDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedUserRoleDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/ApprovalDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/ArtiDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/CacheInfoDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/CacheableData.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/CertDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/CredDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/DelegateDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/FutureDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/HistoryDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/Namespace.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/NsDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/NsSplit.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/NsType.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/PermDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/RoleDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/Status.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/UserRoleDAO.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/hl/CassExecutor.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/hl/Function.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/hl/PermLookup.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/aaf/hl/Question.java delete mode 100644 authz-cass/src/main/java/org/onap/aaf/dao/session/SessionFilter.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/authz/cass/hl/JU_Question.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/JU_Cached.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/JU_CachedDAO.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/JU_CassAccess.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/JU_CassDAOImpl.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/JU_DAOException.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/AbsJUCass.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_ApprovalDAO.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_ArtiDAO.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_Bytification.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_CacheInfoDAO.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_CertDAO.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_CredDAO.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_DelegateDAO.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_FastCalling.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_HistoryDAO.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_NsDAO.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_NsType.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_PermDAO.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_RoleDAO.java delete mode 100644 authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/NS_ChildUpdate.java delete mode 100644 authz-cass/src/test/resources/cadi.properties delete mode 100644 authz-client/pom.xml delete mode 100644 authz-client/src/main/xsd/aaf_2_0.xsd delete mode 100644 authz-client/src/main/xsd/certman_1_0.xsd delete mode 100644 authz-fs/pom.xml delete mode 100644 authz-fs/src/main/config/FileServer.props delete mode 100644 authz-fs/src/main/config/log4j.properties delete mode 100644 authz-fs/src/main/config/lrm-authz-fs.xml delete mode 100644 authz-fs/src/main/data/test.html delete mode 100644 authz-fs/src/main/java/org/onap/aaf/authz/fs/FileServer.java delete mode 100644 authz-fs/src/test/java/org/onap/aaf/authz/fs/JU_FileServer.java delete mode 100644 authz-gui/pom.xml delete mode 100644 authz-gui/src/main/config/authGUI.props delete mode 100644 authz-gui/src/main/config/log4j.properties delete mode 100644 authz-gui/src/main/config/lrm-authz-gui.xml delete mode 100644 authz-gui/src/main/java/com/att/authz/cui/CUI.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/AuthGUI.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/BreadCrumbs.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/Controls.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/Display.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/Form.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/NamedCode.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/Page.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/Table.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/ApiDocs.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/ApiExample.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/ApprovalAction.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/ApprovalForm.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/Home.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/LoginLanding.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/LoginLandingAction.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/NsDetail.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/NsHistory.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/NsInfoAction.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/NsInfoForm.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/NssShow.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/PassChangeAction.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/PassChangeForm.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/PendingRequestsShow.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/PermDetail.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/PermGrantAction.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/PermGrantForm.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/PermHistory.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/PermsShow.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/RequestDetail.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/RoleDetail.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/RoleHistory.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/RolesShow.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/UserRoleExtend.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/UserRoleRemove.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/pages/WebCommand.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/table/AbsCell.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/table/ButtonCell.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/table/RadioCell.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/table/RefCell.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/table/TextAndRefCell.java delete mode 100644 authz-gui/src/main/java/com/att/authz/gui/table/TextCell.java delete mode 100644 authz-gui/theme/AAF_details.png delete mode 100644 authz-gui/theme/AAF_font_size.png delete mode 100644 authz-gui/theme/AAF_maximize.png delete mode 100644 authz-gui/theme/AAFdownload.png delete mode 100644 authz-gui/theme/AAFemail.png delete mode 100644 authz-gui/theme/aaf5.css delete mode 100644 authz-gui/theme/aaf5Desktop.css delete mode 100644 authz-gui/theme/aaf5iPhone.css delete mode 100644 authz-gui/theme/aafOldIE.css delete mode 100644 authz-gui/theme/aaf_1_0.xsd delete mode 100644 authz-gui/theme/aaf_2_0.xsd delete mode 100644 authz-gui/theme/comm.js delete mode 100644 authz-gui/theme/common.js delete mode 100644 authz-gui/theme/console.js delete mode 100644 authz-gui/theme/favicon.ico delete mode 100644 authz-gui/theme/options_down.png delete mode 100644 authz-gui/theme/options_up.png delete mode 100644 authz-gui/theme/t_bubbles.jpg delete mode 100644 authz-gw/pom.xml delete mode 100644 authz-gw/src/main/config/authGW.props delete mode 100644 authz-gw/src/main/config/log4j.properties delete mode 100644 authz-gw/src/main/config/lrm-authz-gw.xml delete mode 100644 authz-gw/src/main/java/org/onap/aaf/authz/gw/GwAPI.java delete mode 100644 authz-gw/src/main/java/org/onap/aaf/authz/gw/GwCode.java delete mode 100644 authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_AAFAccess.java delete mode 100644 authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Api.java delete mode 100644 authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Find.java delete mode 100644 authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Proxy.java delete mode 100644 authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_TGuard.java delete mode 100644 authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade.java delete mode 100644 authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeFactory.java delete mode 100644 authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeImpl.java delete mode 100644 authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade_1_0.java delete mode 100644 authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper.java delete mode 100644 authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper_1_0.java delete mode 100644 authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwService.java delete mode 100644 authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwServiceImpl.java delete mode 100644 authz-gw/src/main/xsd/gw_1_0.xsd delete mode 100644 authz-gw/src/test/java/org/onap/aaf/authz/gw/JU_GwAPI.java delete mode 100644 authz-service/pom.xml delete mode 100644 authz-service/src/main/assemble/swm.xml delete mode 100644 authz-service/src/main/config/log4j.properties delete mode 100644 authz-service/src/main/config/lrm-authz-service.xml delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/cadi/DirectAAFLur.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/cadi/DirectAAFUserPass.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/cadi/DirectCertIdentity.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/facade/AuthzFacade.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/facade/AuthzFacadeFactory.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/facade/AuthzFacadeImpl.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/facade/AuthzFacade_2_0.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/service/AuthAPI.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/service/AuthzCassServiceImpl.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/service/AuthzService.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/service/Code.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/service/MayChange.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/service/api/API_Api.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/service/api/API_Approval.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/service/api/API_Creds.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/service/api/API_Delegate.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/service/api/API_History.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/service/api/API_Mgmt.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/service/api/API_NS.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/service/api/API_Perms.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/service/api/API_Roles.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/service/api/API_User.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/service/api/API_UserRole.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/service/mapper/Mapper.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/service/mapper/Mapper_2_0.java delete mode 100644 authz-service/src/main/java/org/onap/aaf/authz/service/validation/Validator.java delete mode 100644 authz-service/src/main/resources/dme2reg/service=org.onap.aaf.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE.txt delete mode 100644 authz-service/src/main/resources/docker-compose/data/ecomp.cql delete mode 100644 authz-service/src/main/resources/docker-compose/data/identities.dat delete mode 100644 authz-service/src/main/resources/docker-compose/data/identities.idx delete mode 100644 authz-service/src/main/resources/docker-compose/data/init.cql delete mode 100644 authz-service/src/main/resources/docker-compose/data2/identities.dat delete mode 100644 authz-service/src/main/resources/docker-compose/docker-compose.yml delete mode 100644 authz-service/src/main/resources/docker-compose/startupaaf.sh delete mode 100644 authz-service/src/main/resources/docker-compose/sysctl.conf delete mode 100644 authz-service/src/main/resources/docker-compose/wait_for_host_port.sh delete mode 100644 authz-service/src/main/resources/docker/Dockerfile delete mode 100644 authz-service/src/main/resources/docker/authAPI.props delete mode 100644 authz-service/src/main/resources/docker/com.osaaf.common.props delete mode 100644 authz-service/src/main/resources/docker/com.osaaf.props delete mode 100644 authz-service/src/main/resources/docker/startup.sh delete mode 100644 authz-service/src/main/resources/etc/authAPI.props delete mode 100644 authz-service/src/main/resources/etc/com.osaaf.common.props delete mode 100644 authz-service/src/main/resources/etc/com.osaaf.props delete mode 100644 authz-service/src/main/sample/authAPI.props delete mode 100644 authz-service/src/main/sample/log4j.properties delete mode 100644 authz-service/src/main/swm/common/deinstall.sh delete mode 100644 authz-service/src/main/swm/common/install.sh delete mode 100644 authz-service/src/main/swm/deinstall/postproc/post_proc delete mode 100644 authz-service/src/main/swm/deinstall/preproc/pre_proc delete mode 100644 authz-service/src/main/swm/descriptor.xml delete mode 100644 authz-service/src/main/swm/fallback/postproc/post_proc delete mode 100644 authz-service/src/main/swm/fallback/preproc/pre_proc delete mode 100644 authz-service/src/main/swm/initinst/postproc/post_proc delete mode 100644 authz-service/src/main/swm/initinst/preproc/pre_proc delete mode 100644 authz-service/src/main/swm/install/postproc/post_proc delete mode 100644 authz-service/src/main/swm/install/preproc/pre_proc delete mode 100644 authz-service/src/main/swm/packageNotes.txt delete mode 100644 authz-service/src/test/java/org/onap/aaf/authz/cadi/JU_DirectAAFLur.java delete mode 100644 authz-service/src/test/java/org/onap/aaf/authz/cadi/JU_DirectAAFUserPass.java delete mode 100644 authz-service/src/test/java/org/onap/aaf/authz/cadi/JU_DirectCertIdentity.java delete mode 100644 authz-service/src/test/java/org/onap/aaf/authz/service/JU_AuthAPI.java delete mode 100644 authz-service/src/test/java/org/onap/aaf/authz/service/api/JU_API_Api.java delete mode 100644 authz-service/src/test/java/org/onap/aaf/authz/service/api/JU_API_Approval.java delete mode 100644 authz-service/src/test/java/org/onap/aaf/authz/service/api/JU_API_Creds.java delete mode 100644 authz-service/src/test/java/org/onap/aaf/authz/service/api/JU_API_Delegate.java delete mode 100644 authz-service/src/test/java/org/onap/aaf/authz/service/api/JU_API_History.java delete mode 100644 authz-service/src/test/java/org/onap/aaf/authz/service/api/JU_API_Mgmt.java delete mode 100644 authz-service/src/test/java/org/onap/aaf/authz/service/api/JU_API_NS.java delete mode 100644 authz-service/src/test/java/org/onap/aaf/authz/service/api/JU_API_Perms.java delete mode 100644 authz-service/src/test/java/org/onap/aaf/authz/service/api/JU_API_Roles.java delete mode 100644 authz-service/src/test/java/org/onap/aaf/authz/service/api/JU_API_User.java delete mode 100644 authz-service/src/test/java/org/onap/aaf/authz/service/api/JU_API_UserRole.java delete mode 100644 authz-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java delete mode 100644 authz-service/src/test/java/org/onap/aaf/authz/service/test/JU_Validator.java delete mode 100644 authz-service/src/test/java/org/onap/aaf/authz/service/validation/JU_Validator.java delete mode 100644 authz-service/start.sh diff --git a/authz-cass/pom.xml b/authz-cass/pom.xml deleted file mode 100644 index 3de0606d..00000000 --- a/authz-cass/pom.xml +++ /dev/null @@ -1,248 +0,0 @@ - - - - 4.0.0 - - org.onap.aaf.authz - parent - 1.0.1-SNAPSHOT - ../pom.xml - - - authz-cass - Authz Cass - Cassandra DAOs for Authz - jar - https://github.com/att/AAF - - - - Jonathan Gathman - - ATT - - - - - UTF-8 - 1.0.0-SNAPSHOT - - - 0.7.7.201606060606 - true - 3.2 - jacoco - - target/code-coverage/jacoco-ut.exec - target/code-coverage/jacoco-it.exec - - **/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/** - https://nexus.onap.org - /content/repositories/snapshots/ - /content/repositories/releases/ - /content/repositories/staging/ - /content/sites/site/org/onap/aaf/authz/${project.artifactId}/${project.version} - - - - org.onap.aaf.authz - authz-core - ${project.version} - - - - org.onap.aaf.cadi - cadi-aaf - ${project.cadiVersion} - - - - com.datastax.cassandra - cassandra-driver-core - 2.1.10 - - - - - org.xerial.snappy - snappy-java - 1.1.1-M1 - - - - net.jpountz.lz4 - lz4 - 1.2.0 - - - - com.googlecode.jcsv - jcsv - 1.4.0 - - - - org.slf4j - slf4j-log4j12 - test - - - - - - - - org.apache.maven.plugins - maven-jarsigner-plugin - - - - org.apache.maven.plugins - maven-javadoc-plugin - 2.10.4 - - false - - - - attach-javadocs - - jar - - - - - - - - org.apache.maven.plugins - maven-source-plugin - 2.2.1 - - - attach-sources - - jar-no-fork - - - - - - org.sonatype.plugins - nexus-staging-maven-plugin - 1.6.7 - true - - ${nexusproxy} - 176c31dfe190a - ecomp-staging - - - - org.jacoco - jacoco-maven-plugin - ${jacoco.version} - - - **/gen/** - **/generated-sources/** - **/yang-gen/** - **/pax/** - - - - - - pre-unit-test - - prepare-agent - - - ${project.build.directory}/code-coverage/jacoco-ut.exec - surefireArgLine - - - - - - post-unit-test - test - - report - - - ${project.build.directory}/code-coverage/jacoco-ut.exec - ${project.reporting.outputDirectory}/jacoco-ut - - - - pre-integration-test - pre-integration-test - - prepare-agent - - - ${project.build.directory}/code-coverage/jacoco-it.exec - - failsafeArgLine - - - - - - post-integration-test - post-integration-test - - report - - - ${project.build.directory}/code-coverage/jacoco-it.exec - ${project.reporting.outputDirectory}/jacoco-it - - - - - - - - - - ecomp-releases - AAF Release Repository - ${nexusproxy}${releaseNexusPath} - - - ecomp-snapshots - AAF Snapshot Repository - ${nexusproxy}${snapshotNexusPath} - - - ecomp-site - dav:${nexusproxy}${sitePath} - - - - - diff --git a/authz-cass/src/main/cql/ecomp.cql b/authz-cass/src/main/cql/ecomp.cql deleted file mode 100644 index 967d6daf..00000000 --- a/authz-cass/src/main/cql/ecomp.cql +++ /dev/null @@ -1,118 +0,0 @@ -// -// Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. -// -USE authz; - -// Create Root pass -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -// Create 'com' root NS -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com',1,'Root Namespace',null,1); - -INSERT INTO role(ns, name, perms, description) - VALUES('com','admin',{'com.access|*|*'},'Com Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('com','owner',{'com.access|*|read'},'Com Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com','access','*','read',{'com.owner'},'Com Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com','access','*','*',{'com.admin'},'Com Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin'); - -// Create org root NS -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org',1,'Root Namespace Org',null,1); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','admin',{'org.access|*|*'},'Com Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','owner',{'org.access|*|read'},'Com Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','read',{'org.owner'},'Com Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','*',{'org.admin'},'Com Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin'); - - -// Create com.att - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com.att',2,'AT&T Namespace','com',2); - -INSERT INTO role(ns, name, perms,description) - VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins'); - -INSERT INTO role(ns, name, perms,description) - VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin'); - -// Create com.att.aaf - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3); - -INSERT INTO role(ns, name, perms, description) - VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner'); - - -// Create org.openecomp -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp',2,'Open EComp NS','com.att',2); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin'); diff --git a/authz-cass/src/main/cql/init.cql b/authz-cass/src/main/cql/init.cql deleted file mode 100644 index 3b2688a6..00000000 --- a/authz-cass/src/main/cql/init.cql +++ /dev/null @@ -1,212 +0,0 @@ -// -// Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. -// -// For Developer Machine single instance -// - CREATE KEYSPACE authz - WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1}; - -USE authz; - -// -// CORE Table function -// - -// Namespace - establish hierarchical authority to modify -// Permissions and Roles -// "scope" is flag to determine Policy. Typical important scope -// is "company" (1) -CREATE TABLE ns ( - name varchar, - scope int, // deprecated 2.0.11 - description varchar, - parent varchar, - type int, - PRIMARY KEY (name) -); -CREATE INDEX ns_parent on ns(parent); - - -CREATE TABLE ns_attrib ( - ns varchar, - key varchar, - value varchar, - PRIMARY KEY (ns,key) -); -create index ns_attrib_key on ns_attrib(key); - -// Will be cached -CREATE TABLE role ( - ns varchar, - name varchar, - perms set, // Use "Key" of "name|type|action" - description varchar, - PRIMARY KEY (ns,name) -); -CREATE INDEX role_name ON role(name); - -// Will be cached -CREATE TABLE perm ( - ns varchar, - type varchar, - instance varchar, - action varchar, - roles set, // Need to find Roles given Permissions - description varchar, - PRIMARY KEY (ns,type,instance,action) -); - -// This table is user for Authorization -CREATE TABLE user_role ( - user varchar, - role varchar, // deprecated: change to ns/rname after 2.0.11 - ns varchar, - rname varchar, - expires timestamp, - PRIMARY KEY(user,role) - ); -CREATE INDEX user_role_ns ON user_role(ns); -CREATE INDEX user_role_role ON user_role(role); - -// This table is only for the case where return User Credential (MechID) Authentication -CREATE TABLE cred ( - id varchar, - type int, - expires timestamp, - ns varchar, - other int, - notes varchar, - cred blob, - prev blob, - PRIMARY KEY (id,type,expires) - ); -CREATE INDEX cred_ns ON cred(ns); - -// Certificate Cross Table -// coordinated with CRED type 2 -CREATE TABLE cert ( - fingerprint blob, - id varchar, - x500 varchar, - expires timestamp, - PRIMARY KEY (fingerprint) - ); -CREATE INDEX cert_id ON cert(id); -CREATE INDEX cert_x500 ON cert(x500); - -CREATE TABLE notify ( - user text, - type int, - last timestamp, - checksum int, - PRIMARY KEY (user,type) -); - -CREATE TABLE x509 ( - ca text, - serial blob, - id text, - x500 text, - x509 text, - PRIMARY KEY (ca,serial) -); - - -CREATE INDEX x509_id ON x509 (id); -CREATE INDEX x509_x500 ON x509 (x500); - -// -// Deployment Artifact (for Certman) -// -CREATE TABLE artifact ( - mechid text, - machine text, - type Set, - sponsor text, - ca text, - dir text, - appName text, - os_user text, - notify text, - expires timestamp, - renewDays int, - PRIMARY KEY (mechid,machine) -); -CREATE INDEX artifact_machine ON artifact(machine); - -// -// Non-Critical Table functions -// -// Table Info - for Caching -CREATE TABLE cache ( - name varchar, - seg int, // cache Segment - touched timestamp, - PRIMARY KEY(name,seg) -); - -CREATE TABLE history ( - id timeuuid, - yr_mon int, - user varchar, - action varchar, - target varchar, // user, user_role, - subject varchar, // field for searching main portion of target key - memo varchar, //description of the action - reconstruct blob, //serialized form of the target - // detail Map, // additional information - PRIMARY KEY (id) -); -CREATE INDEX history_yr_mon ON history(yr_mon); -CREATE INDEX history_user ON history(user); -CREATE INDEX history_subject ON history(subject); - -// -// A place to hold objects to be created at a future time. -// -CREATE TABLE future ( - id uuid, // uniquify - target varchar, // Target Table - memo varchar, // Description - start timestamp, // When it should take effect - expires timestamp, // When not longer valid - construct blob, // How to construct this object (like History) - PRIMARY KEY(id) -); -CREATE INDEX future_idx ON future(target); -CREATE INDEX future_start_idx ON future(start); - - -CREATE TABLE approval ( - id timeuuid, // unique Key - ticket uuid, // Link to Future Record - user varchar, // the user who needs to be approved - approver varchar, // user approving - type varchar, // approver types i.e. Supervisor, Owner - status varchar, // approval status. pending, approved, denied - memo varchar, // Text for Approval to know what's going on - operation varchar, // List operation to perform - PRIMARY KEY(id) - ); -CREATE INDEX appr_approver_idx ON approval(approver); -CREATE INDEX appr_user_idx ON approval(user); -CREATE INDEX appr_ticket_idx ON approval(ticket); -CREATE INDEX appr_status_idx ON approval(status); - -CREATE TABLE delegate ( - user varchar, - delegate varchar, - expires timestamp, - PRIMARY KEY (user) -); -CREATE INDEX delg_delg_idx ON delegate(delegate); - -// -// Used by authz-batch processes to ensure only 1 runs at a time -// -CREATE TABLE run_lock ( - class text, - host text, - start timestamp, - PRIMARY KEY ((class)) -); diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/AbsCassDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/AbsCassDAO.java deleted file mode 100644 index c76a88f9..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/AbsCassDAO.java +++ /dev/null @@ -1,497 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao; - -import java.io.IOException; -import java.util.ArrayList; -import java.util.Deque; -import java.util.List; -import java.util.concurrent.ConcurrentLinkedDeque; - -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.aaf.cass.Status; - -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TimeTaken; -import org.onap.aaf.inno.env.TransStore; -import com.datastax.driver.core.BoundStatement; -import com.datastax.driver.core.Cluster; -import com.datastax.driver.core.ConsistencyLevel; -import com.datastax.driver.core.ResultSet; -import com.datastax.driver.core.ResultSetFuture; -import com.datastax.driver.core.Row; -import com.datastax.driver.core.Session; -import com.datastax.driver.core.exceptions.DriverException; - -public abstract class AbsCassDAO { - protected static final char DOT = '.'; - protected static final char DOT_PLUS_ONE = '.'+1; - protected static final String FIRST_CHAR = Character.toString((char)0); - protected static final String LAST_CHAR = Character.toString((char)Character.MAX_VALUE); - protected static final int FIELD_COMMAS = 0; - protected static final int QUESTION_COMMAS = 1; - protected static final int ASSIGNMENT_COMMAS = 2; - protected static final int WHERE_ANDS = 3; - - private Cluster cluster; - private Session session; - private final String keyspace; - // If this is null, then we own session - private final AbsCassDAO owningDAO; - protected Class dataClass; - private final String name; - private static Slot sessionSlot; - //private static final ArrayList.PSInfo> psinfos = new ArrayList.PSInfo>(); - private static final ArrayList.PSInfo> psinfos = new ArrayList.PSInfo>(); - private static final List EMPTY = new ArrayList(0); - private static final Deque resetDeque = new ConcurrentLinkedDeque(); - private static boolean resetTrigger = false; - private static long nextAvailableReset = 0; - - - public AbsCassDAO(TRANS trans, String name, Cluster cluster, String keyspace, Class dataClass) { - this.name = name; - this.cluster = cluster; - this.keyspace = keyspace; - owningDAO = null; // we own session - session = null; - this.dataClass = dataClass; - - } - - public AbsCassDAO(TRANS trans, String name, AbsCassDAO aDao, Class dataClass) { - this.name = name; - cluster = aDao.cluster; - keyspace = aDao.keyspace; - session = null; - owningDAO = aDao; // We do not own session - this.dataClass = dataClass; - } - - public static void setSessionSlot(Slot slot) { - sessionSlot = slot; - } - - //Note: Lower case ON PURPOSE. These names used to create History Messages - public enum CRUD { - create,read,update,delete - ; - -} - - public class PSInfo { - private BoundStatement ps; - private final int size; - private final Loader loader; - private final CRUD crud; // Store CRUD, because it makes a difference in Object Order, see Loader - private final String cql; - private final ConsistencyLevel consistency; - - - /** - * Create a PSInfo and create Prepared Statement - * - * @param trans - * @param theCQL - * @param loader - */ - public PSInfo(TRANS trans, String theCQL, Loader loader, ConsistencyLevel consistency) { - this.loader = loader; - this.consistency=consistency; - psinfos.add(this); - - cql = theCQL.trim().toUpperCase(); - if(cql.startsWith("INSERT")) { - crud = CRUD.create; - } else if(cql.startsWith("UPDATE")) { - crud = CRUD.update; - } else if(cql.startsWith("DELETE")) { - crud = CRUD.delete; - } else { - crud = CRUD.read; - } - - int idx = 0, count=0; - while((idx=cql.indexOf('?',idx))>=0) { - ++idx; - ++count; - } - size=count; - } - - public synchronized void reset() { - ps = null; - } - - private BoundStatement ps(TransStore trans) throws APIException, IOException { - if(ps==null) { - synchronized(this) { - if(ps==null) { - TimeTaken tt = trans.start("Preparing PSInfo " + crud.toString().toUpperCase() + " on " + name,Env.SUB); - try { - ps = new BoundStatement(getSession(trans).prepare(cql)); - ps.setConsistencyLevel(consistency); - } catch (DriverException e) { - reportPerhapsReset(trans,e); - throw e; - } finally { - tt.done(); - } - } - } - } - return ps; - } - - /** - * Execute a Prepared Statement by extracting from DATA object - * - * @param trans - * @param text - * @param data - * @return - */ - public Result execAsync(TRANS trans, String text, DATA data) { - TimeTaken tt = trans.start(text, Env.REMOTE); - try { - return Result.ok(getSession(trans).executeAsync( - ps(trans).bind(loader.extract(data, size, crud)))); - } catch (DriverException | APIException | IOException e) { - AbsCassDAO.this.reportPerhapsReset(trans,e); - return Result.err(Status.ERR_Backend,"%s-%s executing %s",e.getClass().getName(),e.getMessage(), cql); - } finally { - tt.done(); - } - } - - /** - * Execute a Prepared Statement on Object[] key - * - * @param trans - * @param text - * @param objs - * @return - */ - public Result execAsync(TRANS trans, String text, Object ... objs) { - TimeTaken tt = trans.start(text, Env.REMOTE); - try { - return Result.ok(getSession(trans).executeAsync(ps(trans).bind(objs))); - } catch (DriverException | APIException | IOException e) { - AbsCassDAO.this.reportPerhapsReset(trans,e); - return Result.err(Status.ERR_Backend,"%s-%s executing %s",e.getClass().getName(),e.getMessage(), cql); - } finally { - tt.done(); - } - } - - /* - * Note: - * - */ - - /** - * Execute a Prepared Statement by extracting from DATA object - * - * @param trans - * @param text - * @param data - * @return - */ - public Result exec(TRANS trans, String text, DATA data) { - TimeTaken tt = trans.start(text, Env.REMOTE); - try { - /* - * "execute" (and executeAsync) - * Executes the provided query. - This method blocks until at least some result has been received from the database. However, - for SELECT queries, it does not guarantee that the result has been received in full. But it - does guarantee that some response has been received from the database, and in particular - guarantee that if the request is invalid, an exception will be thrown by this method. - - Parameters: - statement - the CQL query to execute (that can be any Statement). - Returns: - the result of the query. That result will never be null but can be empty (and will - be for any non SELECT query). - */ - return Result.ok(getSession(trans).execute( - ps(trans).bind(loader.extract(data, size, crud)))); - } catch (DriverException | APIException | IOException e) { - AbsCassDAO.this.reportPerhapsReset(trans,e); - return Result.err(Status.ERR_Backend,"%s-%s executing %s",e.getClass().getName(),e.getMessage(), cql); - } finally { - tt.done(); - } - } - - /** - * Execute a Prepared Statement on Object[] key - * - * @param trans - * @param text - * @param objs - * @return - */ - public Result exec(TRANS trans, String text, Object ... objs) { - TimeTaken tt = trans.start(text, Env.REMOTE); - try { - return Result.ok(getSession(trans).execute(ps(trans).bind(objs))); - } catch (DriverException | APIException | IOException e) { - AbsCassDAO.this.reportPerhapsReset(trans,e); - return Result.err(Status.ERR_Backend,"%s-%s executing %s",e.getClass().getName(),e.getMessage(), cql); - } finally { - tt.done(); - } - } - - /** - * Read the Data from Cassandra given a Prepared Statement (defined by the - * DAO Instance) - * - * This is common behavior among all DAOs. - * @throws DAOException - */ - public Result> read(TRANS trans, String text, Object[] key) { - TimeTaken tt = trans.start(text,Env.REMOTE); - - ResultSet rs; - try { - rs = getSession(trans).execute(key==null?ps(trans):ps(trans).bind(key)); -/// TEST CODE for Exception -// boolean force = true; -// if(force) { -// Map misa = new HashMap(); -// //misa.put(new InetSocketAddress(444),new Exception("no host was tried")); -// misa.put(new InetSocketAddress(444),new Exception("Connection has been closed")); -// throw new com.datastax.driver.core.exceptions.NoHostAvailableException(misa); -//// throw new com.datastax.driver.core.exceptions.AuthenticationException(new InetSocketAddress(9999),"no host was tried"); -// } -//// END TEST CODE - } catch (DriverException | APIException | IOException e) { - AbsCassDAO.this.reportPerhapsReset(trans,e); - return Result.err(Status.ERR_Backend,"%s-%s executing %s",e.getClass().getName(),e.getMessage(), cql); - } finally { - tt.done(); - } - - return extract(loader,rs,null /*let Array be created if necessary*/,dflt); - } - - public Result> read(TRANS trans, String text, DATA data) { - return read(trans,text, loader.extract(data, size, crud)); - } - - public Object[] keyFrom(DATA data) { - return loader.extract(data, size, CRUD.delete); // Delete is key only - } - - /* - * Note: in case PSInfos are deleted, we want to remove them from list. This is not expected, - * but we don't want a data leak if it does. Finalize doesn't have to happen quickly - */ - @Override - protected void finalize() throws Throwable { - psinfos.remove(this); - } - } - - protected final Accept dflt = new Accept() { - @Override - public boolean ok(DATA data) { - return true; - } - }; - - - @SuppressWarnings("unchecked") - protected final Result> extract(Loader loader, ResultSet rs, List indata, Accept accept) { - List rows = rs.all(); - if(rows.isEmpty()) { - return Result.ok((List)EMPTY); // Result sets now .emptyList(true); - } else { - DATA d; - List data = indata==null?new ArrayList(rows.size()):indata; - - for(Row row : rows) { - try { - d = loader.load(dataClass.newInstance(),row); - if(accept.ok(d)) { - data.add(d); - } - } catch(Exception e) { - return Result.err(e); - } - } - return Result.ok(data); - } - } - - private static final String NEW_CASSANDRA_SESSION_CREATED = "New Cassandra Session Created"; - private static final String NEW_CASSANDRA_CLUSTER_OBJECT_CREATED = "New Cassandra Cluster Object Created"; - private static final String NEW_CASSANDRA_SESSION = "New Cassandra Session"; - - private static class ResetRequest { - //package on purpose - Session session; - long timestamp; - - public ResetRequest(Session session) { - this.session = session; - timestamp = System.currentTimeMillis(); - } - } - - - public static final void primePSIs(TransStore trans) throws APIException, IOException { - for(AbsCassDAO.PSInfo psi : psinfos) { - if(psi.ps==null) { - psi.ps(trans); - } - } - } - - public final Session getSession(TransStore trans) throws APIException, IOException { - // Try to use Trans' session, if exists - if(sessionSlot!=null) { // try to get from Trans - Session sess = trans.get(sessionSlot, null); - if(sess!=null) { - return sess; - } - } - - // If there's an owning DAO, use it's session - if(owningDAO!=null) { - return owningDAO.getSession(trans); - } - - // OK, nothing else works... get our own. - if(session==null || resetTrigger) { - Cluster tempCluster = null; - Session tempSession = null; - try { - synchronized(NEW_CASSANDRA_SESSION_CREATED) { - boolean reset = false; - for(ResetRequest r : resetDeque) { - if(r.session == session) { - if(r.timestamp>nextAvailableReset) { - reset=true; - nextAvailableReset = System.currentTimeMillis() + 60000; - tempCluster = cluster; - tempSession = session; - break; - } else { - trans.warn().log("Cassandra Connection Reset Ignored: Recent Reset"); - } - } - } - - if(reset || session == null) { - TimeTaken tt = trans.start(NEW_CASSANDRA_SESSION, Env.SUB); - try { - // Note: Maitrayee recommended not closing the cluster, just - // overwrite it. 9/30/2016 assuming same for Session - // This was a bad idea. Ran out of File Handles as I suspected.. - if(reset) { - for(AbsCassDAO.PSInfo psi : psinfos) { - psi.reset(); - } - } - if(reset || cluster==null) { - cluster = CassAccess.cluster(trans, keyspace); - trans.warn().log(NEW_CASSANDRA_CLUSTER_OBJECT_CREATED); - } - if(reset || session==null) { - session = cluster.connect(keyspace); - trans.warn().log(NEW_CASSANDRA_SESSION_CREATED); - } - } finally { - resetTrigger=false; - tt.done(); - } - } - } - } finally { - TimeTaken tt = trans.start("Clear Reset Deque", Env.SUB); - try { - resetDeque.clear(); - // Not clearing Session/Cluster appears to kill off FileHandles - if(tempSession!=null && !tempSession.isClosed()) { - tempSession.close(); - } - if(tempCluster!=null && !tempCluster.isClosed()) { - tempCluster.close(); - } - } finally { - tt.done(); - } - } - } - return session; - } - - public final boolean reportPerhapsReset(TransStore trans, Exception e) { - if(owningDAO!=null) { - return owningDAO.reportPerhapsReset(trans, e); - } else { - boolean rv = false; - if(CassAccess.isResetException(e)) { - trans.warn().printf("Session Reset called for %s by %s ",session==null?"":session,e==null?"Mgmt Command":e.getClass().getName()); - resetDeque.addFirst(new ResetRequest(session)); - rv = resetTrigger = true; - } - trans.error().log(e); - return rv; - } - } - - public void close(TransStore trans) { - if(owningDAO==null) { - if(session!=null) { - TimeTaken tt = trans.start("Cassandra Session Close", Env.SUB); - try { - session.close(); - } finally { - tt.done(); - } - session = null; - } else { - trans.debug().log("close called(), Session already closed"); - } - } else { - owningDAO.close(trans); - } - } - - protected void wasModified(TRANS trans, CRUD modified, DATA data, String ... override) { - } - - protected interface Accept { - public boolean ok(DATA data); - } - -} - - - diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/Bytification.java b/authz-cass/src/main/java/org/onap/aaf/dao/Bytification.java deleted file mode 100644 index 901339e4..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/Bytification.java +++ /dev/null @@ -1,31 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao; - -import java.io.IOException; -import java.nio.ByteBuffer; - -public interface Bytification { - public ByteBuffer bytify() throws IOException; - public void reconstitute(ByteBuffer bb) throws IOException; -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/CIDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/CIDAO.java deleted file mode 100644 index 05bb86d0..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/CIDAO.java +++ /dev/null @@ -1,52 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao; - -import java.util.Date; - -import org.onap.aaf.authz.layer.Result; - -import org.onap.aaf.inno.env.Trans; - -public interface CIDAO { - - /** - * Touch the date field for given Table - * - * @param trans - * @param name - * @return - */ - public abstract Result touch(TRANS trans, String name, int ... seg); - - /** - * Read all Info entries, and set local Date objects - * - * This is to support regular data checks on the Database to speed up Caching behavior - * - */ - public abstract Result check(TRANS trans); - - public abstract Date get(TRANS trans, String table, int seg); - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/Cacheable.java b/authz-cass/src/main/java/org/onap/aaf/dao/Cacheable.java deleted file mode 100644 index 08482921..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/Cacheable.java +++ /dev/null @@ -1,34 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao; -/** - * Interface to obtain Segment Integer from DAO Data - * for use in Caching mechanism - * - * This should typically be obtained by getting the Hash of the key, then using modulus on the size of segment. - * - * - */ -public interface Cacheable { - public int[] invalidate(Cached cache); -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/Cached.java b/authz-cass/src/main/java/org/onap/aaf/dao/Cached.java deleted file mode 100644 index 5e5323cc..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/Cached.java +++ /dev/null @@ -1,198 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao; - -import java.util.Date; -import java.util.List; -import java.util.Map; -import java.util.Timer; -import java.util.TimerTask; - -import org.onap.aaf.authz.env.AuthzEnv; -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.cache.Cache; -import org.onap.aaf.dao.aaf.cass.Status; - -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Trans; - -public class Cached extends Cache { - // Java does not allow creation of Arrays with Generics in them... - // private Map cache[]; - protected final CIDAO info; - - private static Timer infoTimer; - private Object cache[]; - public final int segSize; - - protected final String name; - - - - // Taken from String Hash, but coded, to ensure consistent across Java versions. Also covers negative case; - public int cacheIdx(String key) { - int h = 0; - for (int i = 0; i < key.length(); i++) { - h = 31*h + key.charAt(i); - } - if(h<0)h*=-1; - return h%segSize; - } - - public Cached(CIDAO info, String name, int segSize) { - this.name =name; - this.segSize = segSize; - this.info = info; - cache = new Object[segSize]; - // Create a new Map for each Segment, and store locally - for(int i=0;i data) { - @SuppressWarnings("unchecked") - Map map = ((Map)cache[cacheIdx(key)]); - map.put(key, new Dated(data)); - } - - - public int invalidate(String key) { - int cacheIdx = cacheIdx(key); - @SuppressWarnings("unchecked") - Map map = ((Map)cache[cacheIdx]); -// if(map.remove(key)!=null) // Not seeming to remove all the time - if(map!=null)map.clear(); -// System.err.println("Remove " + name + " " + key); - return cacheIdx; - } - - public Result invalidate(int segment) { - if(segment<0 || segment>=cache.length) return Result.err(Status.ERR_BadData,"Cache Segment %s is out of range",Integer.toString(segment)); - @SuppressWarnings("unchecked") - Map map = ((Map)cache[segment]); - if(map!=null) { - map.clear(); - } - return Result.ok(); - } - - protected interface Getter { - public abstract Result> get(); - }; - - // TODO utilize Segmented Caches, and fold "get" into "reads" - @SuppressWarnings("unchecked") - public Result> get(TRANS trans, String key, Getter getter) { - List ld = null; - Result> rld = null; - - int cacheIdx = cacheIdx(key); - Map map = ((Map)cache[cacheIdx]); - - // Check for saved element in cache - Dated cached = map.get(key); - // Note: These Segment Timestamps are kept up to date with DB - Date dbStamp = info.get(trans, name,cacheIdx); - - // Check for cache Entry and whether it is still good (a good Cache Entry is same or after DBEntry, so we use "before" syntax) - if(cached!=null && dbStamp.before(cached.timestamp)) { - ld = (List)cached.data; - rld = Result.ok(ld); - } else { - rld = getter.get(); - if(rld.isOK()) { // only store valid lists - map.put(key, new Dated(rld.value)); // successful item found gets put in cache -// } else if(rld.status == Result.ERR_Backend){ -// map.remove(key); - } - } - return rld; - } - - /** - * Each Cached object has multiple Segments that need cleaning. Derive each, and add to Cleansing Thread - * @param env - * @param dao - */ - public static void startCleansing(AuthzEnv env, CachedDAO ... dao) { - for(CachedDAO d : dao) { - for(int i=0;i void startRefresh(AuthzEnv env, CIDAO cidao) { - if(infoTimer==null) { - infoTimer = new Timer("CachedDAO Info Refresh Timer"); - int minRefresh = 10*1000*60; // 10 mins Integer.parseInt(env.getProperty(CACHE_MIN_REFRESH_INTERVAL,"2000")); // 2 second minimum refresh - infoTimer.schedule(new Refresh(env,cidao, minRefresh), 1000, minRefresh); // note: Refresh from DB immediately - } - } - - public static void stopTimer() { - Cache.stopTimer(); - if(infoTimer!=null) { - infoTimer.cancel(); - infoTimer = null; - } - } - - private final static class Refresh extends TimerTask { - private static final int maxRefresh = 2*60*10000; // 20 mins - private AuthzEnv env; - private CIDAO cidao; - private int minRefresh; - private long lastRun; - - public Refresh(AuthzEnv env, CIDAO cidao, int minRefresh) { - this.env = env; - this.cidao = cidao; - this.minRefresh = minRefresh; - lastRun = System.currentTimeMillis()-maxRefresh-1000; - } - - @Override - public void run() { - // Evaluate whether to refresh based on transaction rate - long now = System.currentTimeMillis(); - long interval = now-lastRun; - - if(interval < minRefresh || interval < Math.min(env.transRate(),maxRefresh)) return; - lastRun = now; - AuthzTrans trans = env.newTransNoAvg(); - Result rv = cidao.check(trans); - if(rv.status!=Result.OK) { - env.error().log("Error in CacheInfo Refresh",rv.details); - } - if(env.debug().isLoggable()) { - StringBuilder sb = new StringBuilder("Cache Info Refresh: "); - trans.auditTrail(0, sb, Env.REMOTE); - env.debug().log(sb); - } - } - } -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/CachedDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/CachedDAO.java deleted file mode 100644 index 4237b91e..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/CachedDAO.java +++ /dev/null @@ -1,229 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao; - -import java.util.ArrayList; -import java.util.List; - -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.aaf.cass.Status; - -import org.onap.aaf.inno.env.Trans; - -/** - * CachedDAO - * - * Cache the response of "get" of any DAO. - * - * For simplicity's sake, at this time, we only do this for single Object keys - * - * - * @param - */ -public class CachedDAO,DATA extends Cacheable> - extends Cached implements DAO_RO{ -// private final String dirty_str; - - private final D dao; - - public CachedDAO(D dao, CIDAO info, int segsize) { - super(info, dao.table(), segsize); - - // Instantiate a new Cache per DAO name (so separate instances use the same cache) - this.dao = dao; - //read_str = "Cached READ for " + dao.table(); -// dirty_str = "Cache DIRTY on " + dao.table(); - if(dao instanceof CassDAOImpl) { - ((CassDAOImpl)dao).cache = this; - } - } - - public static, DT extends Cacheable> - CachedDAO create(DA dao, CIDAO info, int segsize) { - return new CachedDAO(dao,info, segsize); - } - - public void add(DATA data) { - String key = keyFromObjs(dao.keyFrom(data)); - List list = new ArrayList(); - list.add(data); - super.add(key,list); - } - -// public void invalidate(TRANS trans, Object ... objs) { -// TimeTaken tt = trans.start(dirty_str, Env.SUB); -// try { -// super.invalidate(keyFromObjs(objs)); -// } finally { -// tt.done(); -// } -// } - - public static String keyFromObjs(Object ... objs) { - String key; - if(objs.length==1 && objs[0] instanceof String) { - key = (String)objs[0]; - } else { - StringBuilder sb = new StringBuilder(); - boolean first = true; - for(Object o : objs) { - if(o!=null) { - if(first) { - first =false; - } else { - sb.append('|'); - } - sb.append(o.toString()); - } - } - key = sb.toString(); - } - return key; - } - - public Result create(TRANS trans, DATA data) { - Result d = dao.create(trans,data); - if(d.status==Status.OK) { - add(d.value); - } else { - trans.error().log(d.errorString()); - } - invalidate(trans,data); - return d; - } - - protected class DAOGetter implements Getter { - protected TRANS trans; - protected Object objs[]; - protected D dao; - public Result> result; - - public DAOGetter(TRANS trans, D dao, Object ... objs) { - this.trans = trans; - this.dao = dao; - this.objs = objs; - } - - /** - * Separated into single call for easy overloading - * @return - */ - public Result> call() { - return dao.read(trans, objs); - } - - @Override - public final Result> get() { - return call(); -// if(result.isOKhasData()) { // Note, given above logic, could exist, but stale -// return result.value; -// } else { -// return null; -// } - } - } - - @Override - public Result> read(final TRANS trans, final Object ... objs) { - DAOGetter getter = new DAOGetter(trans,dao,objs); - return get(trans, keyFromObjs(objs),getter); -// if(ld!=null) { -// return Result.ok(ld);//.emptyList(ld.isEmpty()); -// } -// // Result Result if exists -// if(getter.result==null) { -// return Result.err(Status.ERR_NotFound, "No Cache or Lookup found on [%s]",dao.table()); -// } -// return getter.result; - } - - // Slight Improved performance available when String and Obj versions are known. - public Result> read(final String key, final TRANS trans, final Object ... objs) { - DAOGetter getter = new DAOGetter(trans,dao,objs); - return get(trans, key, getter); -// if(ld!=null) { -// return Result.ok(ld);//.emptyList(ld.isEmpty()); -// } -// // Result Result if exists -// if(getter.result==null) { -// return Result.err(Status.ERR_NotFound, "No Cache or Lookup found on [%s]",dao.table()); -// } -// return getter.result; - } - - @Override - public Result> read(TRANS trans, DATA data) { - return read(trans,dao.keyFrom(data)); - } - public Result update(TRANS trans, DATA data) { - Result d = dao.update(trans, data); - if(d.status==Status.OK) { - add(data); - } else { - trans.error().log(d.errorString()); - } - return d; - } - - public Result delete(TRANS trans, DATA data, boolean reread) { - if(reread) { // If reread, get from Cache, if possible, not DB exclusively - Result> rd = read(trans,data); - if(rd.notOK()) { - return Result.err(rd); - } else { - trans.error().log(rd.errorString()); - } - if(rd.isEmpty()) { - data.invalidate(this); - return Result.err(Status.ERR_NotFound,"Not Found"); - } - data = rd.value.get(0); - } - Result rv=dao.delete(trans, data, false); - data.invalidate(this); - return rv; - } - - @Override - public void close(TRANS trans) { - if(dao!=null) { - dao.close(trans); - } - } - - - @Override - public String table() { - return dao.table(); - } - - public D dao() { - return dao; - } - - public void invalidate(TRANS trans, DATA data) { - if(info.touch(trans, dao.table(),data.invalidate(this)).notOK()) { - trans.error().log("Cannot touch CacheInfo for Role"); - } - } -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/CassAccess.java b/authz-cass/src/main/java/org/onap/aaf/dao/CassAccess.java deleted file mode 100644 index 79bd6e0e..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/CassAccess.java +++ /dev/null @@ -1,220 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao; - -import java.io.IOException; -import java.util.ArrayList; -import java.util.List; - -import org.onap.aaf.authz.env.AuthzEnv; - -import org.onap.aaf.cadi.routing.GreatCircle; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.util.Split; -import com.datastax.driver.core.Cluster; -import com.datastax.driver.core.Cluster.Builder; -import com.datastax.driver.core.policies.DCAwareRoundRobinPolicy; - -public class CassAccess { - public static final String KEYSPACE = "authz"; - public static final String CASSANDRA_CLUSTERS = "cassandra.clusters"; - public static final String CASSANDRA_CLUSTERS_PORT = "cassandra.clusters.port"; - public static final String CASSANDRA_CLUSTERS_USER_NAME = "cassandra.clusters.user"; - public static final String CASSANDRA_CLUSTERS_PASSWORD = "cassandra.clusters.password"; - public static final String CASSANDRA_RESET_EXCEPTIONS = "cassandra.reset.exceptions"; - public static final String LATITUDE = "LATITUDE"; - public static final String LONGITUDE = "LONGITUDE"; - private static final List resetExceptions = new ArrayList(); - public static final String ERR_ACCESS_MSG = "Accessing Backend"; - private static Builder cb = null; - - /** - * To create DCAwareRoundRobing Policy: - * Need Properties - * LATITUDE (or AFT_LATITUDE) - * LONGITUDE (or AFT_LONGITUDE) - * CASSANDRA CLUSTERS with additional information: - * machine:DC:lat:long,machine:DC:lat:long - * @param env - * @param prefix - * @return - * @throws APIException - * @throws IOException - */ - - @SuppressWarnings("deprecation") - public static synchronized Cluster cluster(Env env, String prefix) throws APIException, IOException { - if(cb == null) { - String pre; - if(prefix==null) { - pre=""; - } else { - env.info().log("Cassandra Connection for ",prefix); - pre = prefix+'.'; - } - cb = Cluster.builder(); - String str = env.getProperty(pre+CASSANDRA_CLUSTERS_PORT,"9042"); - if(str!=null) { - env.init().log("Cass Port = ",str ); - cb.withPort(Integer.parseInt(str)); - } - str = env.getProperty(pre+CASSANDRA_CLUSTERS_USER_NAME,null); - if(str!=null) { - env.init().log("Cass User = ",str ); - String epass = env.getProperty(pre + CASSANDRA_CLUSTERS_PASSWORD,null); - if(epass==null) { - throw new APIException("No Password configured for " + str); - } - //TODO Figure out way to ensure Decryptor setting in AuthzEnv - if(env instanceof AuthzEnv) { - cb.withCredentials(str,((AuthzEnv)env).decrypt(epass,true)); - } else { - cb.withCredentials(str, env.decryptor().decrypt(epass)); - } - } - - str = env.getProperty(pre+CASSANDRA_RESET_EXCEPTIONS,null); - if(str!=null) { - env.init().log("Cass ResetExceptions = ",str ); - for(String ex : Split.split(',', str)) { - resetExceptions.add(new Resettable(env,ex)); - } - } - - str = env.getProperty(LATITUDE,env.getProperty("AFT_LATITUDE",null)); - Double lat = str!=null?Double.parseDouble(str):null; - str = env.getProperty(LONGITUDE,env.getProperty("AFT_LONGITUDE",null)); - Double lon = str!=null?Double.parseDouble(str):null; - if(lat == null || lon == null) { - throw new APIException("LATITUDE(or AFT_LATITUDE) and/or LONGITUDE(or AFT_LATITUDE) are not set"); - } - - env.init().printf("Service Latitude,Longitude = %f,%f",lat,lon); - - str = env.getProperty(pre+CASSANDRA_CLUSTERS,"localhost"); - env.init().log("Cass Clusters = ",str ); - String[] machs = Split.split(',', str); - String[] cpoints = new String[machs.length]; - String bestDC = null; - int numInBestDC = 1; - double mlat, mlon,temp,distance = -1.0; - for(int i=0;i0) { - cpoints[i]=minfo[0]; - } - - // Calc closest DC with Great Circle - if(minfo.length>3) { - mlat = Double.parseDouble(minfo[2]); - mlon = Double.parseDouble(minfo[3]); - if((temp=GreatCircle.calc(lat, lon, mlat, mlon)) > distance) { - distance = temp; - if(bestDC!=null && bestDC.equals(minfo[1])) { - ++numInBestDC; - } else { - bestDC = minfo[1]; - numInBestDC = 1; - } - } else { - if(bestDC!=null && bestDC.equals(minfo[1])) { - ++numInBestDC; - } - } - } - } - - cb.addContactPoints(cpoints); - - if(bestDC!=null) { - // 8/26/2016 Management has determined that Accuracy is preferred over speed in bad situations - // Local DC Aware Load Balancing appears to have the highest normal performance, with the best - // Degraded Accuracy - cb.withLoadBalancingPolicy(new DCAwareRoundRobinPolicy( - bestDC, numInBestDC, true /*allow LocalDC to look at other DCs for LOCAL_QUORUM */)); - env.init().printf("Cassandra configured for DCAwareRoundRobinPolicy at %s with emergency remote of up to %d node(s)" - ,bestDC, numInBestDC); - } else { - env.init().printf("Cassandra is using Default Policy, which is not DC aware"); - } - } - return cb.build(); - } - - private static class Resettable { - private Class cls; - private List messages; - - @SuppressWarnings("unchecked") - public Resettable(Env env, String propData) throws APIException { - if(propData!=null && propData.length()>1) { - String[] split = Split.split(':', propData); - if(split.length>0) { - try { - cls = (Class)Class.forName(split[0]); - } catch (ClassNotFoundException e) { - throw new APIException("Declared Cassandra Reset Exception, " + propData + ", cannot be ClassLoaded"); - } - } - if(split.length>1) { - messages=new ArrayList(); - for(int i=1;i - */ -public class CassDAOImpl extends AbsCassDAO implements DAO { - public static final String USER_NAME = "__USER_NAME__"; - protected static final String CREATE_SP = "CREATE "; - protected static final String UPDATE_SP = "UPDATE "; - protected static final String DELETE_SP = "DELETE "; - protected static final String SELECT_SP = "SELECT "; - - protected final String C_TEXT = getClass().getSimpleName() + " CREATE"; - protected final String R_TEXT = getClass().getSimpleName() + " READ"; - protected final String U_TEXT = getClass().getSimpleName() + " UPDATE"; - protected final String D_TEXT = getClass().getSimpleName() + " DELETE"; - private String table; - - protected final ConsistencyLevel readConsistency,writeConsistency; - - // Setteable only by CachedDAO - protected Cached cache; - - /** - * A Constructor from the originating Cluster. This DAO will open the Session at need, - * and shutdown the session when "close()" is called. - * - * @param cluster - * @param keyspace - * @param dataClass - */ - public CassDAOImpl(TRANS trans, String name, Cluster cluster, String keyspace, Class dataClass, String table, ConsistencyLevel read, ConsistencyLevel write) { - super(trans, name, cluster,keyspace,dataClass); - this.table = table; - readConsistency = read; - writeConsistency = write; - } - - /** - * A Constructor to share Session with other DAOs. - * - * This method get the Session and Cluster information from the calling DAO, and won't - * touch the Session on closure. - * - * @param aDao - * @param dataClass - */ - public CassDAOImpl(TRANS trans, String name, AbsCassDAO aDao, Class dataClass, String table, ConsistencyLevel read, ConsistencyLevel write) { - super(trans, name, aDao,dataClass); - this.table = table; - readConsistency = read; - writeConsistency = write; - } - - protected PSInfo createPS; - protected PSInfo readPS; - protected PSInfo updatePS; - protected PSInfo deletePS; - private boolean async=false; - - public void async(boolean bool) { - async = bool; - } - - public final String[] setCRUD(TRANS trans, String table, Class dc,Loader loader) { - return setCRUD(trans, table, dc, loader, -1); - } - - public final String[] setCRUD(TRANS trans, String table, Class dc,Loader loader, int max) { - Field[] fields = dc.getDeclaredFields(); - int end = max>=0 & max0) { - for(int i=0;i0) { - sbfc.append(','); - sbq.append(','); - if(i=keylimit) { - if(i>keylimit) { - sbup.append(','); - } - sbup.append(fields[i].getName()); - sbup.append("=?"); - } - if(i create(TRANS trans, DATA data) { - if(createPS==null) { - Result.err(Result.ERR_NotImplemented,"Create is disabled for %s",getClass().getSimpleName()); - } - if(async) /*ResultSetFuture */ { - Result rs = createPS.execAsync(trans, C_TEXT, data); - if(rs.notOK()) { - return Result.err(rs); - } - } else { - Result rs = createPS.exec(trans, C_TEXT, data); - if(rs.notOK()) { - return Result.err(rs); - } - } - wasModified(trans, CRUD.create, data); - return Result.ok(data); - } - - /** - * Read the Unique Row associated with Full Keys - */ - public Result> read(TRANS trans, DATA data) { - if(readPS==null) { - Result.err(Result.ERR_NotImplemented,"Read is disabled for %s",getClass().getSimpleName()); - } - return readPS.read(trans, R_TEXT, data); - } - - public Result> read(TRANS trans, Object ... key) { - if(readPS==null) { - Result.err(Result.ERR_NotImplemented,"Read is disabled for %s",getClass().getSimpleName()); - } - return readPS.read(trans, R_TEXT, key); - } - - public Result update(TRANS trans, DATA data) { - if(updatePS==null) { - Result.err(Result.ERR_NotImplemented,"Update is disabled for %s",getClass().getSimpleName()); - } - if(async)/* ResultSet rs =*/ { - Result rs = updatePS.execAsync(trans, U_TEXT, data); - if(rs.notOK()) { - return Result.err(rs); - } - } else { - Result rs = updatePS.exec(trans, U_TEXT, data); - if(rs.notOK()) { - return Result.err(rs); - } - } - - wasModified(trans, CRUD.update, data); - return Result.ok(); - } - - // This method Sig for Cached... - public Result delete(TRANS trans, DATA data, boolean reread) { - if(deletePS==null) { - Result.err(Result.ERR_NotImplemented,"Delete is disabled for %s",getClass().getSimpleName()); - } - // Since Deleting will be stored off, for possible re-constitution, need the whole thing - if(reread) { - Result> rd = read(trans,data); - if(rd.notOK()) { - return Result.err(rd); - } - if(rd.isEmpty()) { - return Result.err(Status.ERR_NotFound,"Not Found"); - } - for(DATA d : rd.value) { - if(async) { - Result rs = deletePS.execAsync(trans, D_TEXT, d); - if(rs.notOK()) { - return Result.err(rs); - } - } else { - Result rs = deletePS.exec(trans, D_TEXT, d); - if(rs.notOK()) { - return Result.err(rs); - } - } - wasModified(trans, CRUD.delete, d); - } - } else { - if(async)/* ResultSet rs =*/ { - Result rs = deletePS.execAsync(trans, D_TEXT, data); - if(rs.notOK()) { - return Result.err(rs); - } - } else { - Result rs = deletePS.exec(trans, D_TEXT, data); - if(rs.notOK()) { - return Result.err(rs); - } - } - wasModified(trans, CRUD.delete, data); - } - return Result.ok(); - } - - public final Object[] keyFrom(DATA data) { - return createPS.keyFrom(data); - } - - @Override - public String table() { - return table; - } - - public static final String CASS_READ_CONSISTENCY="cassandra.readConsistency"; - public static final String CASS_WRITE_CONSISTENCY="cassandra.writeConsistency"; - protected static ConsistencyLevel readConsistency(AuthzTrans trans, String table) { - String prop = trans.getProperty(CASS_READ_CONSISTENCY+'.'+table); - if(prop==null) { - prop = trans.getProperty(CASS_READ_CONSISTENCY); - if(prop==null) { - return ConsistencyLevel.ONE; // this is Cassandra Default - } - } - return ConsistencyLevel.valueOf(prop); - } - - protected static ConsistencyLevel writeConsistency(AuthzTrans trans, String table) { - String prop = trans.getProperty(CASS_WRITE_CONSISTENCY+'.'+table); - if(prop==null) { - prop = trans.getProperty(CASS_WRITE_CONSISTENCY); - if(prop==null) { - return ConsistencyLevel.ONE; // this is Cassandra Default\ - } - } - return ConsistencyLevel.valueOf(prop); - } - - public static DataInputStream toDIS(ByteBuffer bb) { - byte[] b = bb.array(); - return new DataInputStream( - new ByteArrayInputStream(b,bb.position(),bb.limit()) - ); - } - - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/DAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/DAO.java deleted file mode 100644 index acdb36da..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/DAO.java +++ /dev/null @@ -1,44 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao; - -import org.onap.aaf.authz.layer.Result; - -import org.onap.aaf.inno.env.Trans; - - -/** - * DataAccessObject Interface - * - * Extend the ReadOnly form (for Get), and add manipulation methods - * - * @param - */ -public interface DAO extends DAO_RO { - public Result create(TRANS trans, DATA data); - public Result update(TRANS trans, DATA data); - // In many cases, the data has been correctly read first, so we shouldn't read again - // Use reread=true if you are using DATA with only a Key - public Result delete(TRANS trans, DATA data, boolean reread); - public Object[] keyFrom(DATA data); -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/DAOException.java b/authz-cass/src/main/java/org/onap/aaf/dao/DAOException.java deleted file mode 100644 index 85b8c841..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/DAOException.java +++ /dev/null @@ -1,52 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao; - -public class DAOException extends Exception { - - /** - * - */ - private static final long serialVersionUID = 1527904125585539823L; - -// // TODO - enum in result class == is our intended design, currently the DAO layer does not use Result so we still use these for now -// public final static DAOException RoleNotFoundDAOException = new DAOException("RoleNotFound"); -// public final static DAOException PermissionNotFoundDAOException = new DAOException("PermissionNotFound"); -// public final static DAOException UserNotFoundDAOException = new DAOException("UserNotFound"); - - public DAOException() { - } - - public DAOException(String message) { - super(message); - } - - public DAOException(Throwable cause) { - super(cause); - } - - public DAOException(String message, Throwable cause) { - super(message, cause); - } - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/DAO_RO.java b/authz-cass/src/main/java/org/onap/aaf/dao/DAO_RO.java deleted file mode 100644 index a853675d..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/DAO_RO.java +++ /dev/null @@ -1,71 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao; - -import java.util.List; - -import org.onap.aaf.authz.layer.Result; - -import org.onap.aaf.inno.env.Trans; - -/** - * DataAccessObject - ReadOnly - * - * It is useful to have a ReadOnly part of the interface for CachedDAO - * - * Normal DAOs will implement full DAO - * - * - * @param - */ -public interface DAO_RO { - /** - * Get a List of Data given Key of Object Array - * @param objs - * @return - * @throws DAOException - */ - public Result> read(TRANS trans, Object ... key); - - /** - * Get a List of Data given Key of DATA Object - * @param trans - * @param key - * @return - * @throws DAOException - */ - public Result> read(TRANS trans, DATA key); - - /** - * close DAO - */ - public void close(TRANS trans); - - /** - * Return name of referenced Data - * @return - */ - public String table(); - - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/Loader.java b/authz-cass/src/main/java/org/onap/aaf/dao/Loader.java deleted file mode 100644 index 42a73f4b..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/Loader.java +++ /dev/null @@ -1,214 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao; - -import java.io.DataInputStream; -import java.io.DataOutputStream; -import java.io.IOException; -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Set; - -import com.datastax.driver.core.Row; - -public abstract class Loader { - private int keylimit; - public Loader(int keylimit) { - this.keylimit = keylimit; - } - - public int keylimit() { - return keylimit; - } - - protected abstract DATA load(DATA data, Row row); - protected abstract void key(DATA data, int idx, Object[] obj); - protected abstract void body(DATA data, int idx, Object[] obj); - - public final Object[] extract(DATA data, int size, CassDAOImpl.CRUD type) { - Object[] rv=null; - switch(type) { - case delete: - rv = new Object[keylimit()]; - key(data,0,rv); - break; - case update: - rv = new Object[size]; - body(data,0,rv); - int body = size-keylimit(); - if(body>0) { - key(data,body,rv); - } - break; - default: - rv = new Object[size]; - key(data,0,rv); - if(size>keylimit()) { - body(data,keylimit(),rv); - } - break; - } - return rv; - } - - public static void writeString(DataOutputStream os, String s) throws IOException { - if(s==null) { - os.writeInt(-1); - } else { - switch(s.length()) { - case 0: - os.writeInt(0); - break; - default: - byte[] bytes = s.getBytes(); - os.writeInt(bytes.length); - os.write(bytes); - } - } - } - - /** - * We use bytes here to set a Maximum - * - * @param is - * @param MAX - * @return - * @throws IOException - */ - public static String readString(DataInputStream is, byte[] _buff) throws IOException { - int l = is.readInt(); - byte[] buff = _buff; - switch(l) { - case -1: return null; - case 0: return ""; - default: - // Cover case where there is a large string, without always allocating a large buffer. - if(l>buff.length) { - buff = new byte[l]; - } - is.read(buff,0,l); - return new String(buff,0,l); - } - } - - /** - * Write a set with proper sizing - * - * Note: at the moment, this is just String. Probably can develop system where types - * are supported too... but not now. - * - * @param os - * @param set - * @throws IOException - */ - public static void writeStringSet(DataOutputStream os, Collection set) throws IOException { - if(set==null) { - os.writeInt(-1); - } else { - os.writeInt(set.size()); - for(String s : set) { - writeString(os, s); - } - } - - } - - public static Set readStringSet(DataInputStream is, byte[] buff) throws IOException { - int l = is.readInt(); - if(l<0) { - return null; - } - Set set = new HashSet(l); - for(int i=0;i readStringList(DataInputStream is, byte[] buff) throws IOException { - int l = is.readInt(); - if(l<0) { - return null; - } - List list = new ArrayList(l); - for(int i=0;i map) throws IOException { - if(map==null) { - os.writeInt(-1); - } else { - Set> es = map.entrySet(); - os.writeInt(es.size()); - for(Entry e : es) { - writeString(os, e.getKey()); - writeString(os, e.getValue()); - } - } - - } - - public static Map readStringMap(DataInputStream is, byte[] buff) throws IOException { - int l = is.readInt(); - if(l<0) { - return null; - } - Map map = new HashMap(l); - for(int i=0;iversion) { - throw new IOException("Unsupported Data Version: " + v); - } - return v; - } - -} - diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/Streamer.java b/authz-cass/src/main/java/org/onap/aaf/dao/Streamer.java deleted file mode 100644 index f645dd6d..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/Streamer.java +++ /dev/null @@ -1,32 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao; - -import java.io.DataInputStream; -import java.io.DataOutputStream; -import java.io.IOException; - -public interface Streamer { - public abstract void marshal(DATA data, DataOutputStream os) throws IOException; - public abstract void unmarshal(DATA data, DataInputStream is) throws IOException; -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/Touchable.java b/authz-cass/src/main/java/org/onap/aaf/dao/Touchable.java deleted file mode 100644 index dc3ab052..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/Touchable.java +++ /dev/null @@ -1,27 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao; - -public interface Touchable { - // Or make all DAOs accept list of CIDAOs... -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedCertDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedCertDAO.java deleted file mode 100644 index 567bd062..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedCertDAO.java +++ /dev/null @@ -1,55 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cached; - -import java.util.List; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.CIDAO; -import org.onap.aaf.dao.CachedDAO; -import org.onap.aaf.dao.aaf.cass.CertDAO; - -public class CachedCertDAO extends CachedDAO { - public CachedCertDAO(CertDAO dao, CIDAO info) { - super(dao, info, CertDAO.CACHE_SEG); - } - - /** - * Pass through Cert ID Lookup - * - * @param trans - * @param ns - * @return - */ - - public Result> readID(AuthzTrans trans, final String id) { - return dao().readID(trans, id); - } - - public Result> readX500(AuthzTrans trans, final String x500) { - return dao().readX500(trans, x500); - } - - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedCredDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedCredDAO.java deleted file mode 100644 index 14675039..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedCredDAO.java +++ /dev/null @@ -1,67 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cached; - -import java.util.List; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.CIDAO; -import org.onap.aaf.dao.CachedDAO; -import org.onap.aaf.dao.aaf.cass.CredDAO; -import org.onap.aaf.dao.aaf.cass.Status; - -public class CachedCredDAO extends CachedDAO { - public CachedCredDAO(CredDAO dao, CIDAO info) { - super(dao, info, CredDAO.CACHE_SEG); - } - - /** - * Pass through Cred Lookup - * - * Unlike Role and Perm, we don't need or want to cache these elements... Only used for NS Delete. - * - * @param trans - * @param ns - * @return - */ - public Result> readNS(AuthzTrans trans, final String ns) { - - return dao().readNS(trans, ns); - } - - public Result> readID(AuthzTrans trans, final String id) { - DAOGetter getter = new DAOGetter(trans,dao()) { - public Result> call() { - return dao().readID(trans, id); - } - }; - - Result> lurd = get(trans, id, getter); - if(lurd.isOK() && lurd.isEmpty()) { - return Result.err(Status.ERR_UserNotFound,"No User Cred found"); - } - return lurd; - } - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedNSDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedNSDAO.java deleted file mode 100644 index aae74e25..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedNSDAO.java +++ /dev/null @@ -1,34 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cached; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.dao.CIDAO; -import org.onap.aaf.dao.CachedDAO; -import org.onap.aaf.dao.aaf.cass.NsDAO; - -public class CachedNSDAO extends CachedDAO { - public CachedNSDAO(NsDAO dao, CIDAO info) { - super(dao, info, NsDAO.CACHE_SEG); - } -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedPermDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedPermDAO.java deleted file mode 100644 index 7d4c7fe3..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedPermDAO.java +++ /dev/null @@ -1,125 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cached; - -import java.util.List; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.CIDAO; -import org.onap.aaf.dao.CachedDAO; -import org.onap.aaf.dao.aaf.cass.PermDAO; -import org.onap.aaf.dao.aaf.cass.RoleDAO; -import org.onap.aaf.dao.aaf.cass.Status; -import org.onap.aaf.dao.aaf.cass.PermDAO.Data; - -public class CachedPermDAO extends CachedDAO { - - public CachedPermDAO(PermDAO dao, CIDAO info) { - super(dao, info, PermDAO.CACHE_SEG); - } - - public Result> readNS(AuthzTrans trans, final String ns) { - DAOGetter getter = new DAOGetter(trans,dao()) { - public Result> call() { - return dao.readNS(trans, ns); - } - }; - - Result> lurd = get(trans, ns, getter); - if(lurd.isOKhasData()) { - return lurd; - } else { - - } -// if(getter.result==null) { -// if(lurd==null) { - return Result.err(Status.ERR_PermissionNotFound,"No Permission found - " + lurd.details); -// } else { -// return Result.ok(lurd); -// } -// } -// return getter.result; - } - - public Result> readChildren(AuthzTrans trans, final String ns, final String type) { - return dao().readChildren(trans,ns,type); - } - - /** - * - * @param trans - * @param ns - * @param type - * @return - */ - public Result> readByType(AuthzTrans trans, final String ns, final String type) { - DAOGetter getter = new DAOGetter(trans,dao()) { - public Result> call() { - return dao.readByType(trans, ns, type); - } - }; - - // Note: Can reuse index1 here, because there is no name collision versus response - Result> lurd = get(trans, ns+'|'+type, getter); - if(lurd.isOK() && lurd.isEmpty()) { - return Result.err(Status.ERR_PermissionNotFound,"No Permission found"); - } - return lurd; - } - - /** - * Add desciption to this permission - * - * @param trans - * @param ns - * @param type - * @param instance - * @param action - * @param description - * @return - */ - public Result addDescription(AuthzTrans trans, String ns, String type, - String instance, String action, String description) { - //TODO Invalidate? - return dao().addDescription(trans, ns, type, instance, action, description); - } - - public Result addRole(AuthzTrans trans, PermDAO.Data perm, RoleDAO.Data role) { - Result rv = dao().addRole(trans,perm,role.encode()); - if(trans.debug().isLoggable()) - trans.debug().log("Adding",role.encode(),"to", perm, "with CachedPermDAO.addRole"); - invalidate(trans,perm); - return rv; - } - - public Result delRole(AuthzTrans trans, Data perm, RoleDAO.Data role) { - Result rv = dao().delRole(trans,perm,role.encode()); - if(trans.debug().isLoggable()) - trans.debug().log("Removing",role.encode(),"from", perm, "with CachedPermDAO.delRole"); - invalidate(trans,perm); - return rv; - } - - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedRoleDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedRoleDAO.java deleted file mode 100644 index 788efbe8..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedRoleDAO.java +++ /dev/null @@ -1,107 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cached; - -import java.util.List; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.CIDAO; -import org.onap.aaf.dao.CachedDAO; -import org.onap.aaf.dao.aaf.cass.PermDAO; -import org.onap.aaf.dao.aaf.cass.RoleDAO; -import org.onap.aaf.dao.aaf.cass.Status; -import org.onap.aaf.dao.aaf.cass.RoleDAO.Data; - -public class CachedRoleDAO extends CachedDAO { - public CachedRoleDAO(RoleDAO dao, CIDAO info) { - super(dao, info, RoleDAO.CACHE_SEG); - } - - public Result> readNS(AuthzTrans trans, final String ns) { - DAOGetter getter = new DAOGetter(trans,dao()) { - public Result> call() { - return dao.readNS(trans, ns); - } - }; - - Result> lurd = get(trans, ns, getter); - if(lurd.isOK() && lurd.isEmpty()) { - return Result.err(Status.ERR_RoleNotFound,"No Role found"); - } - return lurd; - } - - public Result> readName(AuthzTrans trans, final String name) { - DAOGetter getter = new DAOGetter(trans,dao()) { - public Result> call() { - return dao().readName(trans, name); - } - }; - - Result> lurd = get(trans, name, getter); - if(lurd.isOK() && lurd.isEmpty()) { - return Result.err(Status.ERR_RoleNotFound,"No Role found"); - } - return lurd; - } - - public Result> readChildren(AuthzTrans trans, final String ns, final String name) { - // At this point, I'm thinking it's better not to try to cache "*" results - // Data probably won't be accurate, and adding it makes every update invalidate most of the cache - // 2/4/2014 - return dao().readChildren(trans,ns,name); - } - - public Result addPerm(AuthzTrans trans, RoleDAO.Data rd, PermDAO.Data perm) { - Result rv = dao().addPerm(trans,rd,perm); - if(trans.debug().isLoggable()) - trans.debug().log("Adding",perm,"to", rd, "with CachedRoleDAO.addPerm"); - invalidate(trans, rd); - return rv; - } - - public Result delPerm(AuthzTrans trans, RoleDAO.Data rd, PermDAO.Data perm) { - Result rv = dao().delPerm(trans,rd,perm); - if(trans.debug().isLoggable()) - trans.debug().log("Removing",perm,"from", rd, "with CachedRoleDAO.addPerm"); - invalidate(trans, rd); - return rv; - } - - /** - * Add description to this role - * - * @param trans - * @param ns - * @param name - * @param description - * @return - */ - public Result addDescription(AuthzTrans trans, String ns, String name, String description) { - //TODO Invalidate? - return dao().addDescription(trans, ns, name, description); - - } - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedUserRoleDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedUserRoleDAO.java deleted file mode 100644 index 68231ea0..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cached/CachedUserRoleDAO.java +++ /dev/null @@ -1,117 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cached; - -import java.util.ArrayList; -import java.util.List; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.CIDAO; -import org.onap.aaf.dao.CachedDAO; -import org.onap.aaf.dao.aaf.cass.Status; -import org.onap.aaf.dao.aaf.cass.UserRoleDAO; -import org.onap.aaf.dao.aaf.cass.UserRoleDAO.Data; - -import org.onap.aaf.inno.env.Slot; - -public class CachedUserRoleDAO extends CachedDAO { - private Slot transURSlot; - - public CachedUserRoleDAO(UserRoleDAO dao, CIDAO info) { - super(dao, info, UserRoleDAO.CACHE_SEG); - transURSlot = dao.transURSlot; - } - - /** - * Special Case. - * User Roles by User are very likely to be called many times in a Transaction, to validate "May User do..." - * Pull result, and make accessible by the Trans, which is always keyed by User. - * @param trans - * @param user - * @return - */ - public Result> readByUser(AuthzTrans trans, final String user) { - DAOGetter getter = new DAOGetter(trans,dao()) { - public Result> call() { - // If the call is for THIS user, and it exists, get from TRANS, add to TRANS if not. - if(user!=null && user.equals(trans.user())) { - Result> transLD = trans.get(transURSlot,null); - if(transLD==null ) { - transLD = dao.readByUser(trans, user); - } - return transLD; - } else { - return dao.readByUser(trans, user); - } - } - }; - Result> lurd = get(trans, user, getter); - if(lurd.isOK() && lurd.isEmpty()) { - return Result.err(Status.ERR_UserRoleNotFound,"UserRole not found for [%s]",user); - } - return lurd; - } - - - public Result> readByRole(AuthzTrans trans, final String role) { - DAOGetter getter = new DAOGetter(trans,dao()) { - public Result> call() { - return dao.readByRole(trans, role); - } - }; - Result> lurd = get(trans, role, getter); - if(lurd.isOK() && lurd.isEmpty()) { - return Result.err(Status.ERR_UserRoleNotFound,"UserRole not found for [%s]",role); - } - return lurd; - } - - public Result> readUserInRole(final AuthzTrans trans, final String user, final String role) { - DAOGetter getter = new DAOGetter(trans,dao()) { - public Result> call() { - if(user.equals(trans.user())) { - Result> rrbu = readByUser(trans, user); - if(rrbu.isOK()) { - List ld = new ArrayList(1); - for(Data d : rrbu.value) { - if(d.role.equals(role)) { - ld.add(d); - break; - } - } - return Result.ok(ld).emptyList(ld.isEmpty()); - } else { - return rrbu; - } - } - return dao.readByUserRole(trans, user, role); - } - }; - Result> lurd = get(trans, keyFromObjs(user,role), getter); - if(lurd.isOK() && lurd.isEmpty()) { - return Result.err(Status.ERR_UserRoleNotFound,"UserRole not found for role [%s] and user [%s]",role,user); - } - return lurd; - } -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/ApprovalDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/ApprovalDAO.java deleted file mode 100644 index dec1c9ae..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/ApprovalDAO.java +++ /dev/null @@ -1,206 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cass; - -import java.util.Date; -import java.util.List; -import java.util.UUID; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.CassDAOImpl; -import org.onap.aaf.dao.Loader; - -import com.datastax.driver.core.Cluster; -import com.datastax.driver.core.Row; - - -public class ApprovalDAO extends CassDAOImpl { - public static final String PENDING = "pending"; - public static final String DENIED = "denied"; - public static final String APPROVED = "approved"; - - private static final String TABLE = "approval"; - private HistoryDAO historyDAO; - private PSInfo psByUser, psByApprover, psByTicket, psByStatus; - - - public ApprovalDAO(AuthzTrans trans, Cluster cluster, String keyspace) { - super(trans, ApprovalDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - historyDAO = new HistoryDAO(trans, this); - init(trans); - } - - - public ApprovalDAO(AuthzTrans trans, HistoryDAO hDAO) { - super(trans, ApprovalDAO.class.getSimpleName(),hDAO,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - historyDAO=hDAO; - init(trans); - } - - private static final int KEYLIMIT = 1; - public static class Data { - public UUID id; - public UUID ticket; - public String user; - public String approver; - public String type; - public String status; - public String memo; - public String operation; - public Date updated; - } - - private static class ApprovalLoader extends Loader { - public static final ApprovalLoader deflt = new ApprovalLoader(KEYLIMIT); - - public ApprovalLoader(int keylimit) { - super(keylimit); - } - - @Override - public Data load(Data data, Row row) { - data.id = row.getUUID(0); - data.ticket = row.getUUID(1); - data.user = row.getString(2); - data.approver = row.getString(3); - data.type = row.getString(4); - data.status = row.getString(5); - data.memo = row.getString(6); - data.operation = row.getString(7); - if(row.getColumnDefinitions().size()>8) { - // Rows reported in MicroSeconds - data.updated = new Date(row.getLong(8)/1000); - } - return data; - } - - @Override - protected void key(Data data, int idx, Object[] obj) { - obj[idx]=data.id; - } - - @Override - protected void body(Data data, int _idx, Object[] obj) { - int idx = _idx; - obj[idx]=data.ticket; - obj[++idx]=data.user; - obj[++idx]=data.approver; - obj[++idx]=data.type; - obj[++idx]=data.status; - obj[++idx]=data.memo; - obj[++idx]=data.operation; - } - } - - private void init(AuthzTrans trans) { - String[] helpers = setCRUD(trans, TABLE, Data.class, ApprovalLoader.deflt,8); - // Need a specialty Creator to handle the "now()" - replace(CRUD.create, new PSInfo(trans, "INSERT INTO " + TABLE + " (" + helpers[FIELD_COMMAS] + - ") VALUES(now(),?,?,?,?,?,?,?)",new ApprovalLoader(0) { - @Override - protected void key(Data data, int idx, Object[] obj) { - // Overridden because key is the "now()" - } - },writeConsistency) - ); - - psByUser = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + ", WRITETIME(status) FROM " + TABLE + - " WHERE user = ?", new ApprovalLoader(1) { - @Override - protected void key(Data data, int idx, Object[] obj) { - obj[idx]=data.user; - } - }, readConsistency); - - psByApprover = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + ", WRITETIME(status) FROM " + TABLE + - " WHERE approver = ?", new ApprovalLoader(1) { - @Override - protected void key(Data data, int idx, Object[] obj) { - obj[idx]=data.approver; - } - }, readConsistency); - - psByTicket = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + ", WRITETIME(status) FROM " + TABLE + - " WHERE ticket = ?", new ApprovalLoader(1) { - @Override - protected void key(Data data, int idx, Object[] obj) { - obj[idx]=data.ticket; - } - }, readConsistency); - - psByStatus = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + ", WRITETIME(status) FROM " + TABLE + - " WHERE status = ?", new ApprovalLoader(1) { - @Override - protected void key(Data data, int idx, Object[] obj) { - obj[idx]=data.status; - } - }, readConsistency); - - - } - - public Result> readByUser(AuthzTrans trans, String user) { - return psByUser.read(trans, R_TEXT, new Object[]{user}); - } - - public Result> readByApprover(AuthzTrans trans, String approver) { - return psByApprover.read(trans, R_TEXT, new Object[]{approver}); - } - - public Result> readByTicket(AuthzTrans trans, UUID ticket) { - return psByTicket.read(trans, R_TEXT, new Object[]{ticket}); - } - - public Result> readByStatus(AuthzTrans trans, String status) { - return psByStatus.read(trans, R_TEXT, new Object[]{status}); - } - - /** - * Log Modification statements to History - * - * @param modified which CRUD action was done - * @param data entity data that needs a log entry - * @param overrideMessage if this is specified, we use it rather than crafting a history message based on data - */ - @Override - protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) { - boolean memo = override.length>0 && override[0]!=null; - boolean subject = override.length>1 && override[1]!=null; - - HistoryDAO.Data hd = HistoryDAO.newInitedData(); - hd.user = trans.user(); - hd.action = modified.name(); - hd.target = TABLE; - hd.subject = subject?override[1]:data.user + "|" + data.approver; - hd.memo = memo - ? String.format("%s by %s", override[0], hd.user) - : (modified.name() + "d approval for " + data.user); - // Detail? - // Reconstruct? - if(historyDAO.create(trans, hd).status!=Status.OK) { - trans.error().log("Cannot log to History"); - } - } - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/ArtiDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/ArtiDAO.java deleted file mode 100644 index bc5532e0..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/ArtiDAO.java +++ /dev/null @@ -1,267 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cass; - -import java.io.ByteArrayOutputStream; -import java.io.DataInputStream; -import java.io.DataOutputStream; -import java.io.IOException; -import java.nio.ByteBuffer; -import java.util.Date; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.Bytification; -import org.onap.aaf.dao.CassDAOImpl; -import org.onap.aaf.dao.Loader; -import org.onap.aaf.dao.Streamer; - -import org.onap.aaf.inno.env.util.Chrono; -import com.datastax.driver.core.Cluster; -import com.datastax.driver.core.Row; - -/** - * CredDAO manages credentials. - * Date: 7/19/13 - */ -public class ArtiDAO extends CassDAOImpl { - public static final String TABLE = "artifact"; - - private HistoryDAO historyDAO; - private PSInfo psByMechID,psByMachine; - - public ArtiDAO(AuthzTrans trans, Cluster cluster, String keyspace) { - super(trans, ArtiDAO.class.getSimpleName(),cluster, keyspace, Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - init(trans); - } - - public ArtiDAO(AuthzTrans trans, HistoryDAO hDao, CacheInfoDAO ciDao) { - super(trans, ArtiDAO.class.getSimpleName(),hDao, Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - historyDAO = hDao; - init(trans); - } - - public static final int KEYLIMIT = 2; - public static class Data implements Bytification { - public String mechid; - public String machine; - private Set type; - public String sponsor; - public String ca; - public String dir; - public String appName; - public String os_user; - public String notify; - public Date expires; - public int renewDays; - -// // Getters - public Set type(boolean mutable) { - if (type == null) { - type = new HashSet(); - } else if (mutable && !(type instanceof HashSet)) { - type = new HashSet(type); - } - return type; - } - - - @Override - public ByteBuffer bytify() throws IOException { - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - ArtifactLoader.deflt.marshal(this,new DataOutputStream(baos)); - return ByteBuffer.wrap(baos.toByteArray()); - } - - @Override - public void reconstitute(ByteBuffer bb) throws IOException { - ArtifactLoader.deflt.unmarshal(this, toDIS(bb)); - } - - public String toString() { - return mechid + ' ' + machine + ' ' + Chrono.dateTime(expires); - } - } - - private static class ArtifactLoader extends Loader implements Streamer{ - public static final int MAGIC=95829343; - public static final int VERSION=1; - public static final int BUFF_SIZE=48; // Note: - - public static final ArtifactLoader deflt = new ArtifactLoader(KEYLIMIT); - public ArtifactLoader(int keylimit) { - super(keylimit); - } - - @Override - public Data load(Data data, Row row) { - data.mechid = row.getString(0); - data.machine = row.getString(1); - data.type = row.getSet(2, String.class); - data.sponsor = row.getString(3); - data.ca = row.getString(4); - data.dir = row.getString(5); - data.appName = row.getString(6); - data.os_user = row.getString(7); - data.notify = row.getString(8); - data.expires = row.getDate(9); - data.renewDays = row.getInt(10); - return data; - } - - @Override - protected void key(final Data data, final int idx, Object[] obj) { - int i; - obj[i=idx] = data.mechid; - obj[++i] = data.machine; - } - - @Override - protected void body(final Data data, final int idx, Object[] obj) { - int i; - obj[i=idx] = data.type; - obj[++i] = data.sponsor; - obj[++i] = data.ca; - obj[++i] = data.dir; - obj[++i] = data.appName; - obj[++i] = data.os_user; - obj[++i] = data.notify; - obj[++i] = data.expires; - obj[++i] = data.renewDays; - } - - @Override - public void marshal(Data data, DataOutputStream os) throws IOException { - writeHeader(os,MAGIC,VERSION); - writeString(os, data.mechid); - writeString(os, data.machine); - os.writeInt(data.type.size()); - for(String s : data.type) { - writeString(os, s); - } - writeString(os, data.sponsor); - writeString(os, data.ca); - writeString(os, data.dir); - writeString(os, data.appName); - writeString(os, data.os_user); - writeString(os, data.notify); - os.writeLong(data.expires==null?-1:data.expires.getTime()); - os.writeInt(data.renewDays); - } - - @Override - public void unmarshal(Data data, DataInputStream is) throws IOException { - /*int version = */readHeader(is,MAGIC,VERSION); - // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields - byte[] buff = new byte[BUFF_SIZE]; - data.mechid = readString(is,buff); - data.machine = readString(is,buff); - int size = is.readInt(); - data.type = new HashSet(size); - for(int i=0;i> readByMechID(AuthzTrans trans, String mechid) { - return psByMechID.read(trans, R_TEXT, new Object[]{mechid}); - } - - public Result> readByMachine(AuthzTrans trans, String machine) { - return psByMachine.read(trans, R_TEXT, new Object[]{machine}); - } - - /** - * Log Modification statements to History - * - * @param modified which CRUD action was done - * @param data entity data that needs a log entry - * @param overrideMessage if this is specified, we use it rather than crafting a history message based on data - */ - @Override - protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) { - boolean memo = override.length>0 && override[0]!=null; - boolean subject = override.length>1 && override[1]!=null; - - HistoryDAO.Data hd = HistoryDAO.newInitedData(); - hd.user = trans.user(); - hd.action = modified.name(); - hd.target = TABLE; - hd.subject = subject?override[1]: data.mechid; - hd.memo = memo - ? String.format("%s by %s", override[0], hd.user) - : String.format("%sd %s for %s",modified.name(),data.mechid,data.machine); - // Detail? - if(modified==CRUD.delete) { - try { - hd.reconstruct = data.bytify(); - } catch (IOException e) { - trans.error().log(e,"Could not serialize CredDAO.Data"); - } - } - - if(historyDAO.create(trans, hd).status!=Status.OK) { - trans.error().log("Cannot log to History"); - } - } -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/CacheInfoDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/CacheInfoDAO.java deleted file mode 100644 index e7cab3ef..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/CacheInfoDAO.java +++ /dev/null @@ -1,464 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cass; - -import java.io.IOException; -import java.net.HttpURLConnection; -import java.net.URI; -import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Map; -import java.util.Map.Entry; -import java.util.concurrent.BlockingQueue; -import java.util.concurrent.ConcurrentHashMap; -import java.util.concurrent.LinkedBlockingQueue; -import java.util.concurrent.TimeUnit; - -import org.onap.aaf.authz.env.AuthzEnv; -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.AbsCassDAO; -import org.onap.aaf.dao.CIDAO; -import org.onap.aaf.dao.CassAccess; -import org.onap.aaf.dao.CassDAOImpl; -import org.onap.aaf.dao.Loader; - -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.SecuritySetter; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.cadi.http.HMangr; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.TimeTaken; -import org.onap.aaf.inno.env.Trans; -import com.datastax.driver.core.BoundStatement; -import com.datastax.driver.core.Cluster; -import com.datastax.driver.core.ResultSet; -import com.datastax.driver.core.Row; -import com.datastax.driver.core.exceptions.DriverException; - -public class CacheInfoDAO extends CassDAOImpl implements CIDAO { - - private static final String TABLE = "cache"; - public static final Map info = new ConcurrentHashMap(); - - private static CacheUpdate cacheUpdate; - - - private BoundStatement check; - // Hold current time stamps from Tables - private final Date startTime; - - public CacheInfoDAO(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException { - super(trans, CacheInfoDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE,readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - startTime = new Date(); - init(trans); - } - - public CacheInfoDAO(AuthzTrans trans, AbsCassDAO aDao) throws APIException, IOException { - super(trans, CacheInfoDAO.class.getSimpleName(),aDao,Data.class,TABLE,readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - startTime = new Date(); - init(trans); - } - - - ////////////////////////////////////////// - // Data Definition, matches Cassandra DM - ////////////////////////////////////////// - private static final int KEYLIMIT = 2; - /** - */ - public static class Data { - public Data() { - name = null; - touched = null; - } - public Data(String name, int seg) { - this.name = name; - this.seg = seg; - touched = null; - } - - public String name; - public int seg; - public Date touched; - } - - private static class InfoLoader extends Loader { - public static final InfoLoader dflt = new InfoLoader(KEYLIMIT); - - public InfoLoader(int keylimit) { - super(keylimit); - } - - @Override - public Data load(Data data, Row row) { - // Int more efficient - data.name = row.getString(0); - data.seg = row.getInt(1); - data.touched = row.getDate(2); - return data; - } - - @Override - protected void key(Data data, int _idx, Object[] obj) { - int idx = _idx; - - obj[idx]=data.name; - obj[++idx]=data.seg; - } - - @Override - protected void body(Data data, int idx, Object[] obj) { - obj[idx]=data.touched; - } - } - - public static void startUpdate(AuthzEnv env, HMangr hman, SecuritySetter ss, String ip, int port) { - if(cacheUpdate==null) { - Thread t= new Thread(cacheUpdate = new CacheUpdate(env,hman,ss, ip,port),"CacheInfo Update Thread"); - t.setDaemon(true); - t.start(); - } - } - - public static void stopUpdate() { - if(cacheUpdate!=null) { - cacheUpdate.go=false; - } - } - - private final static class CacheUpdate extends Thread { - public static BlockingQueue notifyDQ = new LinkedBlockingQueue(2000); - - private static final String VOID_CT="application/Void+json;q=1.0;charset=utf-8;version=2.0,application/json;q=1.0;version=2.0,*/*;q=1.0"; - private AuthzEnv env; - private HMangr hman; - private SecuritySetter ss; - private final String authority; - public boolean go = true; - - public CacheUpdate(AuthzEnv env, HMangr hman, SecuritySetter ss, String ip, int port) { - this.env = env; - this.hman = hman; - this.ss = ss; - - this.authority = ip+':'+port; - } - - private static class Transfer { - public String table; - public int segs[]; - public Transfer(String table, int[] segs) { - this.table = table; - this.segs = segs; - } - } - private class CacheClear extends Retryable { - public int total=0; - private AuthzTrans trans; - private String type; - private String segs; - - public CacheClear(AuthzTrans trans) { - this.trans = trans; - } - - public void set(Entry es) { - type = es.getKey(); - segs = es.getValue().toString(); - } - - @Override - public Integer code(Rcli client) throws APIException, CadiException { - URI to = client.getURI(); - if(!to.getAuthority().equals(authority)) { - Future f = client.delete("/mgmt/cache/"+type+'/'+segs,VOID_CT); - if(f.get(hman.readTimeout())) { - ++total; - } else { - trans.error().log("Error During AAF Peer Notify",f.code(),f.body()); - } - } - return total; - } - } - - private class IntHolder { - private int[] raw; - HashSet set; - - public IntHolder(int ints[]) { - raw = ints; - set = null; - } - public void add(int[] ints) { - if(set==null) { - set = new HashSet(); - - for(int i=0;i gather = null; - AuthzTrans trans = null; - long start=0; - // Do a block poll first - do { - if(gather==null) { - start = System.nanoTime(); - trans = env.newTransNoAvg(); - cc = new CacheClear(trans); - gather = new HashMap(); - } - IntHolder prev = gather.get(data.table); - if(prev==null) { - gather.put(data.table,new IntHolder(data.segs)); - } else { - prev.add(data.segs); - } - // continue while there is data - } while((data = notifyDQ.poll())!=null); - if(gather!=null) { - for(Entry es : gather.entrySet()) { - cc.set(es); - try { - if(hman.all(ss, cc, false)!=null) { - ++count; - } - } catch (Exception e) { - trans.error().log(e, "Error on Cache Update"); - } - } - if(env.debug().isLoggable()) { - float millis = (System.nanoTime()-start)/1000000f; - StringBuilder sb = new StringBuilder("Direct Cache Refresh: "); - sb.append("Updated "); - sb.append(count); - if(count==1) { - sb.append(" entry for "); - } else { - sb.append(" entries for "); - } - int peers = count<=0?0:cc.total/count; - sb.append(peers); - sb.append(" client"); - if(peers!=1) { - sb.append('s'); - } - sb.append(" in "); - sb.append(millis); - sb.append("ms"); - trans.auditTrail(0, sb, Env.REMOTE); - env.debug().log(sb); - } - } - } catch (InterruptedException e1) { - go = false; - } - } while(go); - } - } - - private void init(AuthzTrans trans) throws APIException, IOException { - - String[] helpers = setCRUD(trans, TABLE, Data.class, InfoLoader.dflt); - check = getSession(trans).prepare(SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE).bind(); - - disable(CRUD.create); - disable(CRUD.delete); - } - - /* (non-Javadoc) - * @see org.onap.aaf.dao.aaf.cass.CIDAO#touch(org.onap.aaf.authz.env.AuthzTrans, java.lang.String, int) - */ - - @Override - public Result touch(AuthzTrans trans, String name, int ... seg) { - ///////////// - // Direct Service Cache Invalidation - ///////////// - // ConcurrentQueues are open-ended. We don't want any Memory leaks - // Note: we keep a separate counter, because "size()" on a Linked Queue is expensive - if(cacheUpdate!=null) { - try { - if(!CacheUpdate.notifyDQ.offer(new CacheUpdate.Transfer(name, seg),2,TimeUnit.SECONDS)) { - trans.error().log("Cache Notify Queue is not accepting messages, bouncing may be appropriate" ); - } - } catch (InterruptedException e) { - trans.error().log("Cache Notify Queue posting was interrupted" ); - } - } - - ///////////// - // Table Based Cache Invalidation (original) - ///////////// - // Note: Save time with multiple Sequence Touches, but PreparedStmt doesn't support IN - StringBuilder start = new StringBuilder("CacheInfoDAO Touch segments "); - start.append(name); - start.append(": "); - StringBuilder sb = new StringBuilder("BEGIN BATCH\n"); - boolean first = true; - for(int s : seg) { - sb.append(UPDATE_SP); - sb.append(TABLE); - sb.append(" SET touched=dateof(now()) WHERE name = '"); - sb.append(name); - sb.append("' AND seg = "); - sb.append(s); - sb.append(";\n"); - if(first) { - first =false; - } else { - start.append(','); - } - start.append(s); - } - sb.append("APPLY BATCH;"); - TimeTaken tt = trans.start(start.toString(),Env.REMOTE); - try { - getSession(trans).executeAsync(sb.toString()); - } catch (DriverException | APIException | IOException e) { - reportPerhapsReset(trans,e); - return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG); - } finally { - tt.done(); - } - return Result.ok(); - } - - /* (non-Javadoc) - * @see org.onap.aaf.dao.aaf.cass.CIDAO#check(org.onap.aaf.authz.env.AuthzTrans) - */ - @Override - public Result check(AuthzTrans trans) { - ResultSet rs; - TimeTaken tt = trans.start("Check Table Timestamps",Env.REMOTE); - try { - rs = getSession(trans).execute(check); - } catch (DriverException | APIException | IOException e) { - reportPerhapsReset(trans,e); - return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG); - } finally { - tt.done(); - } - - String lastName = null; - Date[] dates = null; - for(Row row : rs.all()) { - String name = row.getString(0); - int seg = row.getInt(1); - if(!name.equals(lastName)) { - dates = info.get(name); - lastName=name; - } - if(dates==null) { - dates=new Date[seg+1]; - info.put(name,dates); - } else if(dates.length<=seg) { - Date[] temp = new Date[seg+1]; - System.arraycopy(dates, 0, temp, 0, dates.length); - dates = temp; - info.put(name, dates); - } - Date temp = row.getDate(2); - if(dates[seg]==null || dates[seg].before(temp)) { - dates[seg]=temp; - } - } - return Result.ok(); - } - - /* (non-Javadoc) - * @see org.onap.aaf.dao.aaf.cass.CIDAO#get(java.lang.String, int) - */ - @Override - public Date get(AuthzTrans trans, String table, int seg) { - Date[] dates = info.get(table); - if(dates==null) { - dates = new Date[seg+1]; - touch(trans,table, seg); - } else if(dates.length<=seg) { - Date[] temp = new Date[seg+1]; - System.arraycopy(dates, 0, temp, 0, dates.length); - dates = temp; - } - Date rv = dates[seg]; - if(rv==null) { - rv=dates[seg]=startTime; - } - return rv; - } - - @Override - protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) { - // Do nothing - } - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/CacheableData.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/CacheableData.java deleted file mode 100644 index 75648130..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/CacheableData.java +++ /dev/null @@ -1,36 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cass; - -import org.onap.aaf.dao.Cacheable; -import org.onap.aaf.dao.Cached; -import org.onap.aaf.dao.CachedDAO; - -public abstract class CacheableData implements Cacheable { - // WARNING: DON'T attempt to add any members here, as it will - // be treated by system as fields expected in Tables - protected int seg(Cached cache, Object ... fields) { - return cache==null?0:cache.invalidate(CachedDAO.keyFromObjs(fields)); - } - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/CertDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/CertDAO.java deleted file mode 100644 index 4ed6a3e2..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/CertDAO.java +++ /dev/null @@ -1,244 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cass; - -import java.io.ByteArrayOutputStream; -import java.io.DataInputStream; -import java.io.DataOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.nio.ByteBuffer; -import java.util.List; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.Bytification; -import org.onap.aaf.dao.CIDAO; -import org.onap.aaf.dao.Cached; -import org.onap.aaf.dao.CassDAOImpl; -import org.onap.aaf.dao.Loader; -import org.onap.aaf.dao.Streamer; - -import org.onap.aaf.inno.env.APIException; -import com.datastax.driver.core.Cluster; -import com.datastax.driver.core.Row; - -/** - * CredDAO manages credentials. - * Date: 7/19/13 - */ -public class CertDAO extends CassDAOImpl { - public static final String TABLE = "x509"; - public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F - - private HistoryDAO historyDAO; - private CIDAO infoDAO; - private PSInfo psX500,psID; - - public CertDAO(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException { - super(trans, CertDAO.class.getSimpleName(),cluster, keyspace, Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - init(trans); - } - - public CertDAO(AuthzTrans trans, HistoryDAO hDao, CacheInfoDAO ciDao) throws APIException, IOException { - super(trans, CertDAO.class.getSimpleName(),hDao, Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - historyDAO = hDao; - infoDAO = ciDao; - init(trans); - } - - public static final int KEYLIMIT = 2; - public static class Data extends CacheableData implements Bytification { - - public String ca; - public BigInteger serial; - public String id; - public String x500; - public String x509; - - @Override - public int[] invalidate(Cached cache) { - return new int[] { - seg(cache,ca,serial) - }; - } - - @Override - public ByteBuffer bytify() throws IOException { - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - CertLoader.deflt.marshal(this,new DataOutputStream(baos)); - return ByteBuffer.wrap(baos.toByteArray()); - } - - @Override - public void reconstitute(ByteBuffer bb) throws IOException { - CertLoader.deflt.unmarshal(this, toDIS(bb)); - } - } - - private static class CertLoader extends Loader implements Streamer{ - public static final int MAGIC=85102934; - public static final int VERSION=1; - public static final int BUFF_SIZE=48; // Note: - - public static final CertLoader deflt = new CertLoader(KEYLIMIT); - public CertLoader(int keylimit) { - super(keylimit); - } - - @Override - public Data load(Data data, Row row) { - data.ca = row.getString(0); - ByteBuffer bb = row.getBytesUnsafe(1); - byte[] bytes = new byte[bb.remaining()]; - bb.get(bytes); - data.serial = new BigInteger(bytes); - data.id = row.getString(2); - data.x500 = row.getString(3); - data.x509 = row.getString(4); - return data; - } - - @Override - protected void key(Data data, int idx, Object[] obj) { - obj[idx] = data.ca; - obj[++idx] = ByteBuffer.wrap(data.serial.toByteArray()); - } - - @Override - protected void body(Data data, int _idx, Object[] obj) { - int idx = _idx; - - obj[idx] = data.id; - obj[++idx] = data.x500; - obj[++idx] = data.x509; - - - } - - @Override - public void marshal(Data data, DataOutputStream os) throws IOException { - writeHeader(os,MAGIC,VERSION); - writeString(os, data.id); - writeString(os, data.x500); - writeString(os, data.x509); - writeString(os, data.ca); - if(data.serial==null) { - os.writeInt(-1); - } else { - byte[] dsba = data.serial.toByteArray(); - int l = dsba.length; - os.writeInt(l); - os.write(dsba,0,l); - } - } - - @Override - public void unmarshal(Data data, DataInputStream is) throws IOException { - /*int version = */readHeader(is,MAGIC,VERSION); - // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields - byte[] buff = new byte[BUFF_SIZE]; - data.id = readString(is,buff); - data.x500 = readString(is,buff); - data.x509 = readString(is,buff); - data.ca = readString(is,buff); - int i = is.readInt(); - if(i<0) { - data.serial=null; - } else { - byte[] bytes = new byte[i]; // a bit dangerous, but lessened because of all the previous sized data reads - is.read(bytes); - data.serial = new BigInteger(bytes); - } - } - } - - public Result> read(AuthzTrans trans, Object ... key) { - // Translate BigInteger to Byte array for lookup - return super.read(trans, key[0],ByteBuffer.wrap(((BigInteger)key[1]).toByteArray())); - } - - private void init(AuthzTrans trans) throws APIException, IOException { - // Set up sub-DAOs - if(historyDAO==null) { - historyDAO = new HistoryDAO(trans,this); - } - if(infoDAO==null) { - infoDAO = new CacheInfoDAO(trans,this); - } - - String[] helpers = setCRUD(trans, TABLE, Data.class, CertLoader.deflt); - - psID = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE + - " WHERE id = ?", CertLoader.deflt,readConsistency); - - psX500 = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE + - " WHERE x500 = ?", CertLoader.deflt,readConsistency); - - } - - public Result> readX500(AuthzTrans trans, String x500) { - return psX500.read(trans, R_TEXT, new Object[]{x500}); - } - - public Result> readID(AuthzTrans trans, String id) { - return psID.read(trans, R_TEXT, new Object[]{id}); - } - - /** - * Log Modification statements to History - * - * @param modified which CRUD action was done - * @param data entity data that needs a log entry - * @param overrideMessage if this is specified, we use it rather than crafting a history message based on data - */ - @Override - protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) { - boolean memo = override.length>0 && override[0]!=null; - boolean subject = override.length>1 && override[1]!=null; - - HistoryDAO.Data hd = HistoryDAO.newInitedData(); - hd.user = trans.user(); - hd.action = modified.name(); - hd.target = TABLE; - hd.subject = subject?override[1]: data.id; - hd.memo = memo - ? String.format("%s by %s", override[0], hd.user) - : (modified.name() + "d certificate info for " + data.id); - // Detail? - if(modified==CRUD.delete) { - try { - hd.reconstruct = data.bytify(); - } catch (IOException e) { - trans.error().log(e,"Could not serialize CertDAO.Data"); - } - } - - if(historyDAO.create(trans, hd).status!=Status.OK) { - trans.error().log("Cannot log to History"); - } - if(infoDAO.touch(trans, TABLE,data.invalidate(cache)).status!=Status.OK) { - trans.error().log("Cannot touch Cert"); - } - } -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/CredDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/CredDAO.java deleted file mode 100644 index dad5fdb3..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/CredDAO.java +++ /dev/null @@ -1,258 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cass; - -import java.io.ByteArrayOutputStream; -import java.io.DataInputStream; -import java.io.DataOutputStream; -import java.io.IOException; -import java.nio.ByteBuffer; -import java.util.Date; -import java.util.List; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.Bytification; -import org.onap.aaf.dao.CIDAO; -import org.onap.aaf.dao.Cached; -import org.onap.aaf.dao.CassDAOImpl; -import org.onap.aaf.dao.Loader; -import org.onap.aaf.dao.Streamer; - -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.util.Chrono; -import com.datastax.driver.core.Cluster; -import com.datastax.driver.core.Row; - -/** - * CredDAO manages credentials. - * Date: 7/19/13 - */ -public class CredDAO extends CassDAOImpl { - public static final String TABLE = "cred"; - public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F - public static final int RAW = -1; - public static final int BASIC_AUTH = 1; - public static final int BASIC_AUTH_SHA256 = 2; - public static final int CERT_SHA256_RSA =200; - - private HistoryDAO historyDAO; - private CIDAO infoDAO; - private PSInfo psNS; - private PSInfo psID; - - public CredDAO(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException { - super(trans, CredDAO.class.getSimpleName(),cluster, keyspace, Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - init(trans); - } - - public CredDAO(AuthzTrans trans, HistoryDAO hDao, CacheInfoDAO ciDao) throws APIException, IOException { - super(trans, CredDAO.class.getSimpleName(),hDao, Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - historyDAO = hDao; - infoDAO = ciDao; - init(trans); - } - - public static final int KEYLIMIT = 3; - public static class Data extends CacheableData implements Bytification { - - public String id; - public Integer type; - public Date expires; - public Integer other; - public String ns; - public String notes; - public ByteBuffer cred; // this is a blob in cassandra - - - @Override - public int[] invalidate(Cached cache) { - return new int[] { - seg(cache,id) // cache is for all entities - }; - } - - @Override - public ByteBuffer bytify() throws IOException { - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - CredLoader.deflt.marshal(this,new DataOutputStream(baos)); - return ByteBuffer.wrap(baos.toByteArray()); - } - - @Override - public void reconstitute(ByteBuffer bb) throws IOException { - CredLoader.deflt.unmarshal(this, toDIS(bb)); - } - - public String toString() { - return id + ' ' + type + ' ' + Chrono.dateTime(expires); - } - } - - private static class CredLoader extends Loader implements Streamer{ - public static final int MAGIC=153323443; - public static final int VERSION=1; - public static final int BUFF_SIZE=48; // Note: - - public static final CredLoader deflt = new CredLoader(KEYLIMIT); - public CredLoader(int keylimit) { - super(keylimit); - } - - @Override - public Data load(Data data, Row row) { - data.id = row.getString(0); - data.type = row.getInt(1); // NOTE: in datastax driver, If the int value is NULL, 0 is returned! - data.expires = row.getDate(2); - data.other = row.getInt(3); - data.ns = row.getString(4); - data.notes = row.getString(5); - data.cred = row.getBytesUnsafe(6); - return data; - } - - @Override - protected void key(Data data, int _idx, Object[] obj) { - int idx = _idx; - - obj[idx] = data.id; - obj[++idx] = data.type; - obj[++idx] = data.expires; - } - - @Override - protected void body(Data data, int idx, Object[] obj) { - int i; - obj[i=idx] = data.other; - obj[++i] = data.ns; - obj[++i] = data.notes; - obj[++i] = data.cred; - } - - @Override - public void marshal(Data data, DataOutputStream os) throws IOException { - writeHeader(os,MAGIC,VERSION); - writeString(os, data.id); - os.writeInt(data.type); - os.writeLong(data.expires==null?-1:data.expires.getTime()); - os.writeInt(data.other==null?0:data.other); - writeString(os, data.ns); - writeString(os, data.notes); - if(data.cred==null) { - os.writeInt(-1); - } else { - int l = data.cred.limit()-data.cred.position(); - os.writeInt(l); - os.write(data.cred.array(),data.cred.position(),l); - } - } - - @Override - public void unmarshal(Data data, DataInputStream is) throws IOException { - /*int version = */readHeader(is,MAGIC,VERSION); - // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields - byte[] buff = new byte[BUFF_SIZE]; - data.id = readString(is,buff); - data.type = is.readInt(); - - long l = is.readLong(); - data.expires = l<0?null:new Date(l); - data.other = is.readInt(); - data.ns = readString(is,buff); - data.notes = readString(is,buff); - - int i = is.readInt(); - if(i<0) { - data.cred=null; - } else { - byte[] bytes = new byte[i]; // a bit dangerous, but lessened because of all the previous sized data reads - is.read(bytes); - data.cred = ByteBuffer.wrap(bytes); - } - } - } - - private void init(AuthzTrans trans) throws APIException, IOException { - // Set up sub-DAOs - if(historyDAO==null) { - historyDAO = new HistoryDAO(trans,this); - } - if(infoDAO==null) { - infoDAO = new CacheInfoDAO(trans,this); - } - - - String[] helpers = setCRUD(trans, TABLE, Data.class, CredLoader.deflt); - - psNS = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE + - " WHERE ns = ?", CredLoader.deflt,readConsistency); - - psID = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE + - " WHERE id = ?", CredLoader.deflt,readConsistency); - } - - public Result> readNS(AuthzTrans trans, String ns) { - return psNS.read(trans, R_TEXT, new Object[]{ns}); - } - - public Result> readID(AuthzTrans trans, String id) { - return psID.read(trans, R_TEXT, new Object[]{id}); - } - - /** - * Log Modification statements to History - * - * @param modified which CRUD action was done - * @param data entity data that needs a log entry - * @param overrideMessage if this is specified, we use it rather than crafting a history message based on data - */ - @Override - protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) { - boolean memo = override.length>0 && override[0]!=null; - boolean subject = override.length>1 && override[1]!=null; - - HistoryDAO.Data hd = HistoryDAO.newInitedData(); - hd.user = trans.user(); - hd.action = modified.name(); - hd.target = TABLE; - hd.subject = subject?override[1]: data.id; - hd.memo = memo - ? String.format("%s by %s", override[0], hd.user) - : (modified.name() + "d credential for " + data.id); - // Detail? - if(modified==CRUD.delete) { - try { - hd.reconstruct = data.bytify(); - } catch (IOException e) { - trans.error().log(e,"Could not serialize CredDAO.Data"); - } - } - - if(historyDAO.create(trans, hd).status!=Status.OK) { - trans.error().log("Cannot log to History"); - } - if(infoDAO.touch(trans, TABLE,data.invalidate(cache)).status!=Status.OK) { - trans.error().log("Cannot touch Cred"); - } - } -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/DelegateDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/DelegateDAO.java deleted file mode 100644 index 6ff71208..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/DelegateDAO.java +++ /dev/null @@ -1,139 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cass; - -import java.io.ByteArrayOutputStream; -import java.io.DataInputStream; -import java.io.DataOutputStream; -import java.io.IOException; -import java.nio.ByteBuffer; -import java.util.Date; -import java.util.List; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.AbsCassDAO; -import org.onap.aaf.dao.Bytification; -import org.onap.aaf.dao.CassDAOImpl; -import org.onap.aaf.dao.Loader; -import org.onap.aaf.dao.Streamer; - -import com.datastax.driver.core.Cluster; -import com.datastax.driver.core.Row; - -public class DelegateDAO extends CassDAOImpl { - - public static final String TABLE = "delegate"; - private PSInfo psByDelegate; - - public DelegateDAO(AuthzTrans trans, Cluster cluster, String keyspace) { - super(trans, DelegateDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - init(trans); - } - - public DelegateDAO(AuthzTrans trans, AbsCassDAO aDao) { - super(trans, DelegateDAO.class.getSimpleName(),aDao,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - init(trans); - } - - private static final int KEYLIMIT = 1; - public static class Data implements Bytification { - public String user; - public String delegate; - public Date expires; - - @Override - public ByteBuffer bytify() throws IOException { - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - DelegateLoader.dflt.marshal(this,new DataOutputStream(baos)); - return ByteBuffer.wrap(baos.toByteArray()); - } - - @Override - public void reconstitute(ByteBuffer bb) throws IOException { - DelegateLoader.dflt.unmarshal(this, toDIS(bb)); - } - } - - private static class DelegateLoader extends Loader implements Streamer{ - public static final int MAGIC=0xD823ACF2; - public static final int VERSION=1; - public static final int BUFF_SIZE=48; - - public static final DelegateLoader dflt = new DelegateLoader(KEYLIMIT); - - public DelegateLoader(int keylimit) { - super(keylimit); - } - - @Override - public Data load(Data data, Row row) { - data.user = row.getString(0); - data.delegate = row.getString(1); - data.expires = row.getDate(2); - return data; - } - - @Override - protected void key(Data data, int idx, Object[] obj) { - obj[idx]=data.user; - } - - @Override - protected void body(Data data, int _idx, Object[] obj) { - int idx = _idx; - - obj[idx]=data.delegate; - obj[++idx]=data.expires; - } - - @Override - public void marshal(Data data, DataOutputStream os) throws IOException { - writeHeader(os,MAGIC,VERSION); - writeString(os, data.user); - writeString(os, data.delegate); - os.writeLong(data.expires.getTime()); - } - - @Override - public void unmarshal(Data data, DataInputStream is) throws IOException { - /*int version = */readHeader(is,MAGIC,VERSION); - // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields - byte[] buff = new byte[BUFF_SIZE]; - data.user = readString(is, buff); - data.delegate = readString(is,buff); - data.expires = new Date(is.readLong()); - } - } - - private void init(AuthzTrans trans) { - String[] helpers = setCRUD(trans, TABLE, Data.class, DelegateLoader.dflt); - psByDelegate = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE + - " WHERE delegate = ?", new DelegateLoader(1),readConsistency); - - } - - public Result> readByDelegate(AuthzTrans trans, String delegate) { - return psByDelegate.read(trans, R_TEXT, new Object[]{delegate}); - } -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/FutureDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/FutureDAO.java deleted file mode 100644 index 4fda97a1..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/FutureDAO.java +++ /dev/null @@ -1,183 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cass; - -import java.nio.ByteBuffer; -import java.util.Date; -import java.util.List; -import java.util.UUID; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.CassDAOImpl; -import org.onap.aaf.dao.DAOException; -import org.onap.aaf.dao.Loader; - -import com.datastax.driver.core.Cluster; -import com.datastax.driver.core.ResultSet; -import com.datastax.driver.core.Row; - -/** - * FutureDAO stores Construction information to create - * elements at another time. - * - * 8/20/2013 - */ -public class FutureDAO extends CassDAOImpl { - private static final String TABLE = "future"; - private final HistoryDAO historyDAO; -// private static String createString; - private PSInfo psByStartAndTarget; - - public FutureDAO(AuthzTrans trans, Cluster cluster, String keyspace) { - super(trans, FutureDAO.class.getSimpleName(),cluster, keyspace, Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - historyDAO = new HistoryDAO(trans, this); - init(trans); - } - - public FutureDAO(AuthzTrans trans, HistoryDAO hDAO) { - super(trans, FutureDAO.class.getSimpleName(),hDAO, Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - historyDAO=hDAO; - init(trans); - } - - public static final int KEYLIMIT = 1; - public static class Data { - public UUID id; - public String target; - public String memo; - public Date start; - public Date expires; - public ByteBuffer construct; // this is a blob in cassandra - } - - private static class FLoader extends Loader { - public FLoader() { - super(KEYLIMIT); - } - - public FLoader(int keylimit) { - super(keylimit); - } - - @Override - public Data load(Data data, Row row) { - data.id = row.getUUID(0); - data.target = row.getString(1); - data.memo = row.getString(2); - data.start = row.getDate(3); - data.expires = row.getDate(4); - data.construct = row.getBytes(5); - return data; - } - - @Override - protected void key(Data data, int idx, Object[] obj) { - obj[idx] = data.id; - } - - @Override - protected void body(Data data, int _idx, Object[] obj) { - int idx = _idx; - - obj[idx] = data.target; - obj[++idx] = data.memo; - obj[++idx] = data.start; - obj[++idx] = data.expires; - obj[++idx] = data.construct; - } - } - - private void init(AuthzTrans trans) { - // Set up sub-DAOs - String[] helpers = setCRUD(trans, TABLE, Data.class, new FLoader(KEYLIMIT)); - - // Uh, oh. Can't use "now()" in Prepared Statements (at least at this level) -// createString = "INSERT INTO " + TABLE + " ("+helpers[FIELD_COMMAS] +") VALUES (now(),"; -// -// // Need a specialty Creator to handle the "now()" -// replace(CRUD.Create, new PSInfo(trans, "INSERT INTO future (" + helpers[FIELD_COMMAS] + -// ") VALUES(now(),?,?,?,?,?)",new FLoader(0))); - - // Other SELECT style statements... match with a local Method - psByStartAndTarget = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + - " FROM future WHERE start <= ? and target = ? ALLOW FILTERING", new FLoader(2) { - @Override - protected void key(Data data, int _idx, Object[] obj) { - int idx = _idx; - - obj[idx]=data.start; - obj[++idx]=data.target; - } - },readConsistency); - - - } - - public Result> readByStartAndTarget(AuthzTrans trans, Date start, String target) throws DAOException { - return psByStartAndTarget.read(trans, R_TEXT, new Object[]{start, target}); - } - - /** - * Override create to add secondary ID to Subject in History, and create Data.ID, if it is null - */ - public Result create(AuthzTrans trans, FutureDAO.Data data, String id) { - // If ID is not set (typical), create one. - if(data.id==null) { - StringBuilder sb = new StringBuilder(trans.user()); - sb.append(data.target); - sb.append(System.currentTimeMillis()); - data.id = UUID.nameUUIDFromBytes(sb.toString().getBytes()); - } - Result rs = createPS.exec(trans, C_TEXT, data); - if(rs.notOK()) { - return Result.err(rs); - } - wasModified(trans, CRUD.create, data, null, id); - return Result.ok(data); - } - - /** - * Log Modification statements to History - * - * @param modified which CRUD action was done - * @param data entity data that needs a log entry - * @param overrideMessage if this is specified, we use it rather than crafting a history message based on data - */ - @Override - protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) { - boolean memo = override.length>0 && override[0]!=null; - boolean subject = override.length>1 && override[1]!=null; - HistoryDAO.Data hd = HistoryDAO.newInitedData(); - hd.user = trans.user(); - hd.action = modified.name(); - hd.target = TABLE; - hd.subject = subject?override[1]:""; - hd.memo = memo?String.format("%s by %s", override[0], hd.user):data.memo; - - if(historyDAO.create(trans, hd).status!=Status.OK) { - trans.error().log("Cannot log to History"); - } - } - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/HistoryDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/HistoryDAO.java deleted file mode 100644 index e72c774a..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/HistoryDAO.java +++ /dev/null @@ -1,237 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cass; - -import java.nio.ByteBuffer; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.List; -import java.util.UUID; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.AbsCassDAO; -import org.onap.aaf.dao.CassDAOImpl; -import org.onap.aaf.dao.Loader; - -import com.datastax.driver.core.Cluster; -import com.datastax.driver.core.ConsistencyLevel; -import com.datastax.driver.core.ResultSet; -import com.datastax.driver.core.Row; - -/** - * History - * - * - * History is a special case, because we don't want Updates or Deletes... Too likely to mess up history. - * - * 9-9-2013 - Found a problem with using "Prepare". You cannot prepare anything with a "now()" in it, as - * it is evaluated once during the prepare, and kept. That renders any use of "now()" pointless. Therefore - * the Create function needs to be run fresh everytime. - * - * Fixed in Cassandra 1.2.6 https://issues.apache.org/jira/browse/CASSANDRA-5616 - * - */ -public class HistoryDAO extends CassDAOImpl { - private static final String TABLE = "history"; - - public static final SimpleDateFormat monthFormat = new SimpleDateFormat("yyyyMM"); -// private static final SimpleDateFormat dayTimeFormat = new SimpleDateFormat("ddHHmmss"); - - private String[] helpers; - - private HistLoader defLoader; - - private AbsCassDAO.PSInfo readByUser, readBySubject, readByYRMN; - - public HistoryDAO(AuthzTrans trans, Cluster cluster, String keyspace) { - super(trans, HistoryDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE,ConsistencyLevel.LOCAL_ONE,ConsistencyLevel.ANY); - init(trans); - } - - public HistoryDAO(AuthzTrans trans, AbsCassDAO aDao) { - super(trans, HistoryDAO.class.getSimpleName(),aDao,Data.class,TABLE,ConsistencyLevel.LOCAL_ONE,ConsistencyLevel.ANY); - init(trans); - } - - - private static final int KEYLIMIT = 1; - public static class Data { - public UUID id; - public int yr_mon; - public String user; - public String action; - public String target; - public String subject; - public String memo; -// Map detail = null; -// public Map detail() { -// if(detail == null) { -// detail = new HashMap(); -// } -// return detail; -// } - public ByteBuffer reconstruct; - } - - private static class HistLoader extends Loader { - public HistLoader(int keylimit) { - super(keylimit); - } - - @Override - public Data load(Data data, Row row) { - data.id = row.getUUID(0); - data.yr_mon = row.getInt(1); - data.user = row.getString(2); - data.action = row.getString(3); - data.target = row.getString(4); - data.subject = row.getString(5); - data.memo = row.getString(6); -// data.detail = row.getMap(6, String.class, String.class); - data.reconstruct = row.getBytes(7); - return data; - } - - @Override - protected void key(Data data, int idx, Object[] obj) { - obj[idx]=data.id; - } - - @Override - protected void body(Data data, int _idx, Object[] obj) { - int idx = _idx; - obj[idx]=data.yr_mon; - obj[++idx]=data.user; - obj[++idx]=data.action; - obj[++idx]=data.target; - obj[++idx]=data.subject; - obj[++idx]=data.memo; -// obj[++idx]=data.detail; - obj[++idx]=data.reconstruct; - } - }; - - private void init(AuthzTrans trans) { - // Loader must match fields order - defLoader = new HistLoader(KEYLIMIT); - helpers = setCRUD(trans, TABLE, Data.class, defLoader); - - // Need a specialty Creator to handle the "now()" - // 9/9/2013 - jg - Just great... now() is evaluated once on Client side, invalidating usage (what point is a now() from a long time in the past? - // Unless this is fixed, we're putting in non-prepared statement - // Solved in Cassandra. Make sure you are running 1.2.6 Cassandra or later. https://issues.apache.org/jira/browse/CASSANDRA-5616 - replace(CRUD.create, new PSInfo(trans, "INSERT INTO history (" + helpers[FIELD_COMMAS] + - ") VALUES(now(),?,?,?,?,?,?,?)", - new HistLoader(0) { - @Override - protected void key(Data data, int idx, Object[] obj) { - } - },writeConsistency) - ); -// disable(CRUD.Create); - - replace(CRUD.read, new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + - " FROM history WHERE id = ?", defLoader,readConsistency) -// new HistLoader(2) { -// @Override -// protected void key(Data data, int idx, Object[] obj) { -// obj[idx]=data.yr_mon; -// obj[++idx]=data.id; -// } -// }) - ); - disable(CRUD.update); - disable(CRUD.delete); - - readByUser = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + - " FROM history WHERE user = ?", defLoader,readConsistency); - readBySubject = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + - " FROM history WHERE subject = ? and target = ? ALLOW FILTERING", defLoader,readConsistency); - readByYRMN = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + - " FROM history WHERE yr_mon = ?", defLoader,readConsistency); - async(true); //TODO dropping messages with Async - } - - public static Data newInitedData() { - Data data = new Data(); - Date now = new Date(); - data.yr_mon = Integer.parseInt(monthFormat.format(now)); - // data.day_time = Integer.parseInt(dayTimeFormat.format(now)); - return data; - } - - public Result> readByYYYYMM(AuthzTrans trans, int yyyymm) { - Result rs = readByYRMN.exec(trans, "yr_mon", yyyymm); - if(rs.notOK()) { - return Result.err(rs); - } - return extract(defLoader,rs.value,null,dflt); - } - - /** - * Gets the history for a user in the specified year and month - * year - the year in yyyy format - * month - the month in a year ...values 1 - 12 - **/ - public Result> readByUser(AuthzTrans trans, String user, int ... yyyymm) { - if(yyyymm.length==0) { - return Result.err(Status.ERR_BadData, "No or invalid yyyymm specified"); - } - Result rs = readByUser.exec(trans, "user", user); - if(rs.notOK()) { - return Result.err(rs); - } - return extract(defLoader,rs.value,null,yyyymm.length>0?new YYYYMM(yyyymm):dflt); - } - - public Result> readBySubject(AuthzTrans trans, String subject, String target, int ... yyyymm) { - if(yyyymm.length==0) { - return Result.err(Status.ERR_BadData, "No or invalid yyyymm specified"); - } - Result rs = readBySubject.exec(trans, "subject", subject, target); - if(rs.notOK()) { - return Result.err(rs); - } - return extract(defLoader,rs.value,null,yyyymm.length>0?new YYYYMM(yyyymm):dflt); - } - - private class YYYYMM implements Accept { - private int[] yyyymm; - public YYYYMM(int yyyymm[]) { - this.yyyymm = yyyymm; - } - @Override - public boolean ok(Data data) { - int dym = data.yr_mon; - for(int ym:yyyymm) { - if(dym==ym) { - return true; - } - } - return false; - } - - }; - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/Namespace.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/Namespace.java deleted file mode 100644 index 98c46165..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/Namespace.java +++ /dev/null @@ -1,151 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cass; - -import java.io.ByteArrayOutputStream; -import java.io.DataInputStream; -import java.io.DataOutputStream; -import java.io.IOException; -import java.nio.ByteBuffer; -import java.util.ArrayList; -import java.util.List; -import java.util.Map.Entry; - -import org.onap.aaf.cssa.rserv.Pair; -import org.onap.aaf.dao.Bytification; -import org.onap.aaf.dao.CassDAOImpl; -import org.onap.aaf.dao.Loader; - - -public class Namespace implements Bytification { - public static final int MAGIC=250935515; - public static final int VERSION=1; - public static final int BUFF_SIZE=48; - - public String name; - public List owner; - public List admin; - public List> attrib; - public String description; - public Integer type; - public String parent; - public Namespace() {} - - public Namespace(NsDAO.Data ndd) { - name = ndd.name; - description = ndd.description; - type = ndd.type; - parent = ndd.parent; - if(ndd.attrib!=null && !ndd.attrib.isEmpty()) { - attrib = new ArrayList>(); - for( Entry entry : ndd.attrib.entrySet()) { - attrib.add(new Pair(entry.getKey(),entry.getValue())); - } - } - } - - public Namespace(NsDAO.Data ndd,List owner, List admin) { - name = ndd.name; - this.owner = owner; - this.admin = admin; - description = ndd.description; - type = ndd.type; - parent = ndd.parent; - if(ndd.attrib!=null && !ndd.attrib.isEmpty()) { - attrib = new ArrayList>(); - for( Entry entry : ndd.attrib.entrySet()) { - attrib.add(new Pair(entry.getKey(),entry.getValue())); - } - } - } - - public NsDAO.Data data() { - NsDAO.Data ndd = new NsDAO.Data(); - ndd.name = name; - ndd.description = description; - ndd.parent = parent; - ndd.type = type; - return ndd; - } - - @Override - public ByteBuffer bytify() throws IOException { - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - DataOutputStream os = new DataOutputStream(baos); - - Loader.writeHeader(os,MAGIC,VERSION); - Loader.writeString(os, name); - os.writeInt(type); - Loader.writeStringSet(os,admin); - Loader.writeStringSet(os,owner); - Loader.writeString(os,description); - Loader.writeString(os,parent); - - return ByteBuffer.wrap(baos.toByteArray()); - } - - @Override - public void reconstitute(ByteBuffer bb) throws IOException { - DataInputStream is = CassDAOImpl.toDIS(bb); - /*int version = */Loader.readHeader(is,MAGIC,VERSION); - // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields - - byte[] buff = new byte[BUFF_SIZE]; - name = Loader.readString(is, buff); - type = is.readInt(); - admin = Loader.readStringList(is,buff); - owner = Loader.readStringList(is,buff); - description = Loader.readString(is,buff); - parent = Loader.readString(is,buff); - - } - - /* (non-Javadoc) - * @see java.lang.Object#hashCode() - */ - @Override - public int hashCode() { - return name.hashCode(); - } - - - /* (non-Javadoc) - * @see java.lang.Object#toString() - */ - @Override - public String toString() { - return name.toString(); - } - - /* (non-Javadoc) - * @see java.lang.Object#equals(java.lang.Object) - */ - @Override - public boolean equals(Object arg0) { - if(arg0==null || !(arg0 instanceof Namespace)) { - return false; - } - return name.equals(((Namespace)arg0).name); - } - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/NsDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/NsDAO.java deleted file mode 100644 index 9e181955..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/NsDAO.java +++ /dev/null @@ -1,542 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cass; - -import java.io.ByteArrayOutputStream; -import java.io.DataInputStream; -import java.io.DataOutputStream; -import java.io.IOException; -import java.nio.ByteBuffer; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.Bytification; -import org.onap.aaf.dao.Cached; -import org.onap.aaf.dao.CassAccess; -import org.onap.aaf.dao.CassDAOImpl; -import org.onap.aaf.dao.Loader; -import org.onap.aaf.dao.Streamer; - -import java.util.Set; - -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.TimeTaken; -import com.datastax.driver.core.Cluster; -import com.datastax.driver.core.ResultSet; -import com.datastax.driver.core.Row; -import com.datastax.driver.core.exceptions.DriverException; - -/** - * NsDAO - * - * Data Access Object for Namespace Data - * - */ -public class NsDAO extends CassDAOImpl { - public static final String TABLE = "ns"; - public static final String TABLE_ATTRIB = "ns_attrib"; - public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F - public static final int ROOT = 1; - public static final int COMPANY=2; - public static final int APP = 3; - - private static final String BEGIN_BATCH = "BEGIN BATCH\n"; - private static final String APPLY_BATCH = "APPLY BATCH;\n"; - private static final String SQSCCR = "';\n"; - private static final String SQCSQ = "','"; - - private HistoryDAO historyDAO; - private CacheInfoDAO infoDAO; - private PSInfo psNS; - - public NsDAO(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException { - super(trans, NsDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - init(trans); - } - - public NsDAO(AuthzTrans trans, HistoryDAO hDAO, CacheInfoDAO iDAO) throws APIException, IOException { - super(trans, NsDAO.class.getSimpleName(),hDAO,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - historyDAO=hDAO; - infoDAO = iDAO; - init(trans); - } - - - ////////////////////////////////////////// - // Data Definition, matches Cassandra DM - ////////////////////////////////////////// - private static final int KEYLIMIT = 1; - /** - * Data class that matches the Cassandra Table "role" - * - */ - public static class Data extends CacheableData implements Bytification { - public String name; - public int type; - public String description; - public String parent; - public Map attrib; - -// //////////////////////////////////////// -// // Getters - public Map attrib(boolean mutable) { - if (attrib == null) { - attrib = new HashMap(); - } else if (mutable && !(attrib instanceof HashMap)) { - attrib = new HashMap(attrib); - } - return attrib; - } - - @Override - public int[] invalidate(Cached cache) { - return new int[] { - seg(cache,name) - }; - } - - public NsSplit split(String name) { - return new NsSplit(this,name); - } - - @Override - public ByteBuffer bytify() throws IOException { - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - NSLoader.deflt.marshal(this,new DataOutputStream(baos)); - return ByteBuffer.wrap(baos.toByteArray()); - } - - @Override - public void reconstitute(ByteBuffer bb) throws IOException { - NSLoader.deflt.unmarshal(this,toDIS(bb)); - } - - @Override - public String toString() { - return name; - } - - } - - private void init(AuthzTrans trans) throws APIException, IOException { - // Set up sub-DAOs - if(historyDAO==null) { - historyDAO = new HistoryDAO(trans, this); - } - if(infoDAO==null) { - infoDAO = new CacheInfoDAO(trans,this); - } - - String[] helpers = setCRUD(trans, TABLE, Data.class, NSLoader.deflt,4/*need to skip attrib */); - - psNS = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE + - " WHERE parent = ?", new NSLoader(1),readConsistency); - - } - - private static final class NSLoader extends Loader implements Streamer { - public static final int MAGIC=250935515; - public static final int VERSION=1; - public static final int BUFF_SIZE=48; - - public static final NSLoader deflt = new NSLoader(KEYLIMIT); - - public NSLoader(int keylimit) { - super(keylimit); - } - - @Override - public Data load(Data data, Row row) { - // Int more efficient - data.name = row.getString(0); - data.type = row.getInt(1); - data.description = row.getString(2); - data.parent = row.getString(3); - return data; - } - - @Override - protected void key(Data data, int idx, Object[] obj) { - obj[idx]=data.name; - } - - @Override - protected void body(Data data, int _idx, Object[] obj) { - int idx = _idx; - - obj[idx]=data.type; - obj[++idx]=data.description; - obj[++idx]=data.parent; - } - - @Override - public void marshal(Data data, DataOutputStream os) throws IOException { - writeHeader(os,MAGIC,VERSION); - writeString(os, data.name); - os.writeInt(data.type); - writeString(os,data.description); - writeString(os,data.parent); - if(data.attrib==null) { - os.writeInt(-1); - } else { - os.writeInt(data.attrib.size()); - for(Entry es : data.attrib(false).entrySet()) { - writeString(os,es.getKey()); - writeString(os,es.getValue()); - } - } - } - - @Override - public void unmarshal(Data data, DataInputStream is) throws IOException { - /*int version = */readHeader(is,MAGIC,VERSION); - // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields - - byte[] buff = new byte[BUFF_SIZE]; - data.name = readString(is, buff); - data.type = is.readInt(); - data.description = readString(is,buff); - data.parent = readString(is,buff); - int count = is.readInt(); - if(count>0) { - Map da = data.attrib(true); - for(int i=0;i create(AuthzTrans trans, Data data) { - String ns = data.name; - // Ensure Parent is set - int ldot = ns.lastIndexOf('.'); - data.parent=ldot<0?".":ns.substring(0,ldot); - - // insert Attributes - StringBuilder stmt = new StringBuilder(); - stmt.append(BEGIN_BATCH); - attribInsertStmts(stmt, data); - stmt.append(APPLY_BATCH); - try { - getSession(trans).execute(stmt.toString()); -//// TEST CODE for Exception -// boolean force = true; -// if(force) { -// throw new com.datastax.driver.core.exceptions.NoHostAvailableException(new HashMap()); -//// throw new com.datastax.driver.core.exceptions.AuthenticationException(new InetSocketAddress(9999),"Sample Message"); -// } -////END TEST CODE - - } catch (DriverException | APIException | IOException e) { - reportPerhapsReset(trans,e); - trans.info().log(stmt); - return Result.err(Result.ERR_Backend, "Backend Access"); - } - return super.create(trans, data); - } - - @Override - public Result update(AuthzTrans trans, Data data) { - String ns = data.name; - // Ensure Parent is set - int ldot = ns.lastIndexOf('.'); - data.parent=ldot<0?".":ns.substring(0,ldot); - - StringBuilder stmt = new StringBuilder(); - stmt.append(BEGIN_BATCH); - try { - Map localAttr = data.attrib; - Result> rremoteAttr = readAttribByNS(trans,ns); - if(rremoteAttr.notOK()) { - return Result.err(rremoteAttr); - } - // update Attributes - String str; - for(Entry es : localAttr.entrySet()) { - str = rremoteAttr.value.get(es.getKey()); - if(str==null || !str.equals(es.getValue())) { - attribInsertStmt(stmt, ns, es.getKey(),es.getValue()); - } - } - - // No point in deleting... insert overwrites... -// for(Entry es : remoteAttr.entrySet()) { -// str = localAttr.get(es.getKey()); -// if(str==null || !str.equals(es.getValue())) { -// attribDeleteStmt(stmt, ns, es.getKey()); -// } -// } - if(stmt.length()>BEGIN_BATCH.length()) { - stmt.append(APPLY_BATCH); - getSession(trans).execute(stmt.toString()); - } - } catch (DriverException | APIException | IOException e) { - reportPerhapsReset(trans,e); - trans.info().log(stmt); - return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG); - } - - return super.update(trans,data); - } - - /* (non-Javadoc) - * @see org.onap.aaf.dao.CassDAOImpl#read(org.onap.aaf.inno.env.TransStore, java.lang.Object) - */ - @Override - public Result> read(AuthzTrans trans, Data data) { - Result> rld = super.read(trans, data); - - if(rld.isOKhasData()) { - for(Data d : rld.value) { - // Note: Map is null at this point, save time/mem by assignment - Result> rabn = readAttribByNS(trans,d.name); - if(rabn.isOK()) { - d.attrib = rabn.value; - } else { - return Result.err(rabn); - } - } - } - return rld; - } - - /* (non-Javadoc) - * @see org.onap.aaf.dao.CassDAOImpl#read(org.onap.aaf.inno.env.TransStore, java.lang.Object[]) - */ - @Override - public Result> read(AuthzTrans trans, Object... key) { - Result> rld = super.read(trans, key); - - if(rld.isOKhasData()) { - for(Data d : rld.value) { - // Note: Map is null at this point, save time/mem by assignment - Result> rabn = readAttribByNS(trans,d.name); - if(rabn.isOK()) { - d.attrib = rabn.value; - } else { - return Result.err(rabn); - } - } - } - return rld; - } - - @Override - public Result delete(AuthzTrans trans, Data data, boolean reread) { - TimeTaken tt = trans.start("Delete NS Attributes " + data.name, Env.REMOTE); - try { - StringBuilder stmt = new StringBuilder(); - attribDeleteAllStmt(stmt, data); - try { - getSession(trans).execute(stmt.toString()); - } catch (DriverException | APIException | IOException e) { - reportPerhapsReset(trans,e); - trans.info().log(stmt); - return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG); - } - } finally { - tt.done(); - } - return super.delete(trans, data, reread); - - } - - public Result> readAttribByNS(AuthzTrans trans, String ns) { - Map map = new HashMap(); - TimeTaken tt = trans.start("readAttribByNS " + ns, Env.REMOTE); - try { - ResultSet rs = getSession(trans).execute("SELECT key,value FROM " - + TABLE_ATTRIB - + " WHERE ns='" - + ns - + "';"); - - for(Iterator iter = rs.iterator();iter.hasNext(); ) { - Row r = iter.next(); - map.put(r.getString(0), r.getString(1)); - } - } catch (DriverException | APIException | IOException e) { - reportPerhapsReset(trans,e); - return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG); - } finally { - tt.done(); - } - return Result.ok(map); - } - - public Result> readNsByAttrib(AuthzTrans trans, String key) { - Set set = new HashSet(); - TimeTaken tt = trans.start("readNsBykey " + key, Env.REMOTE); - try { - ResultSet rs = getSession(trans).execute("SELECT ns FROM " - + TABLE_ATTRIB - + " WHERE key='" - + key - + "';"); - - for(Iterator iter = rs.iterator();iter.hasNext(); ) { - Row r = iter.next(); - set.add(r.getString(0)); - } - } catch (DriverException | APIException | IOException e) { - reportPerhapsReset(trans,e); - return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG); - } finally { - tt.done(); - } - return Result.ok(set); - } - - public Result attribAdd(AuthzTrans trans, String ns, String key, String value) { - try { - getSession(trans).execute(attribInsertStmt(new StringBuilder(),ns,key,value).toString()); - return Result.ok(); - } catch (DriverException | APIException | IOException e) { - reportPerhapsReset(trans,e); - return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG); - } - } - - private StringBuilder attribInsertStmt(StringBuilder sb, String ns, String key, String value) { - sb.append("INSERT INTO "); - sb.append(TABLE_ATTRIB); - sb.append(" (ns,key,value) VALUES ('"); - sb.append(ns); - sb.append(SQCSQ); - sb.append(key); - sb.append(SQCSQ); - sb.append(value); - sb.append("');"); - return sb; - } - - public Result attribRemove(AuthzTrans trans, String ns, String key) { - try { - getSession(trans).execute(attribDeleteStmt(new StringBuilder(),ns,key).toString()); - return Result.ok(); - } catch (DriverException | APIException | IOException e) { - reportPerhapsReset(trans,e); - return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG); - } - } - - private StringBuilder attribDeleteStmt(StringBuilder stmt, String ns, String key) { - stmt.append("DELETE FROM "); - stmt.append(TABLE_ATTRIB); - stmt.append(" WHERE ns='"); - stmt.append(ns); - stmt.append("' AND key='"); - stmt.append(key); - stmt.append("';"); - return stmt; - } - - private void attribDeleteAllStmt(StringBuilder stmt, Data data) { - stmt.append(" DELETE FROM "); - stmt.append(TABLE_ATTRIB); - stmt.append(" WHERE ns='"); - stmt.append(data.name); - stmt.append(SQSCCR); - } - - private void attribInsertStmts(StringBuilder stmt, Data data) { - // INSERT new Attrib - for(Entry es : data.attrib(false).entrySet() ) { - stmt.append(" "); - attribInsertStmt(stmt,data.name,es.getKey(),es.getValue()); - } - } - - /** - * Add description to Namespace - * @param trans - * @param ns - * @param description - * @return - */ - public Result addDescription(AuthzTrans trans, String ns, String description) { - try { - getSession(trans).execute(UPDATE_SP + TABLE + " SET description = '" - + description + "' WHERE name = '" + ns + "';"); - } catch (DriverException | APIException | IOException e) { - reportPerhapsReset(trans,e); - return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG); - } - - Data data = new Data(); - data.name=ns; - wasModified(trans, CRUD.update, data, "Added description " + description + " to namespace " + ns, null ); - return Result.ok(); - } - - public Result> getChildren(AuthzTrans trans, String parent) { - return psNS.read(trans, R_TEXT, new Object[]{parent}); - } - - - /** - * Log Modification statements to History - * - * @param modified which CRUD action was done - * @param data entity data that needs a log entry - * @param overrideMessage if this is specified, we use it rather than crafting a history message based on data - */ - @Override - protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) { - boolean memo = override.length>0 && override[0]!=null; - boolean subject = override.length>1 && override[1]!=null; - - //TODO Must log history - HistoryDAO.Data hd = HistoryDAO.newInitedData(); - hd.user = trans.user(); - hd.action = modified.name(); - hd.target = TABLE; - hd.subject = subject ? override[1] : data.name; - hd.memo = memo ? override[0] : (data.name + " was " + modified.name() + 'd' ); - if(modified==CRUD.delete) { - try { - hd.reconstruct = data.bytify(); - } catch (IOException e) { - trans.error().log(e,"Could not serialize NsDAO.Data"); - } - } - - if(historyDAO.create(trans, hd).status!=Status.OK) { - trans.error().log("Cannot log to History"); - } - if(infoDAO.touch(trans, TABLE,data.invalidate(cache)).notOK()) { - trans.error().log("Cannot touch CacheInfo"); - } - } - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/NsSplit.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/NsSplit.java deleted file mode 100644 index 21e57287..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/NsSplit.java +++ /dev/null @@ -1,62 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cass; - -public class NsSplit { - public final String ns; - public final String name; - public final NsDAO.Data nsd; - - public NsSplit(NsDAO.Data nsd, String child) { - this.nsd = nsd; - if(child.startsWith(nsd.name)) { - ns = nsd.name; - int dot = ns.length(); - if(dot=0) { - nsd.parent = ns.substring(0, dot); - } else { - nsd.parent = "."; - } - } - - public boolean isOK() { - return ns!=null && name !=null; - } -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/NsType.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/NsType.java deleted file mode 100644 index c098acb1..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/NsType.java +++ /dev/null @@ -1,74 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cass; - -/** - * Defines the Type Codes in the NS Table. - * - */ -public enum NsType { - UNKNOWN (-1), - DOT (0), - ROOT (1), - COMPANY (2), - APP (3), - STACKED_APP (10), - STACK (11); - - public final int type; - private NsType(int t) { - type = t; - } - /** - * This is not the Ordinal, but the Type that is stored in NS Tables - * - * @param t - * @return - */ - public static NsType fromType(int t) { - for(NsType nst : values()) { - if(t==nst.type) { - return nst; - } - } - return UNKNOWN; - } - - /** - * Use this one rather than "valueOf" to avoid Exception - * @param s - * @return - */ - public static NsType fromString(String s) { - if(s!=null) { - for(NsType nst : values()) { - if(nst.name().equals(s)) { - return nst; - } - } - } - return UNKNOWN; - } - - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/PermDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/PermDAO.java deleted file mode 100644 index e0b368f5..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/PermDAO.java +++ /dev/null @@ -1,502 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cass; - -import java.io.ByteArrayOutputStream; -import java.io.DataInputStream; -import java.io.DataOutputStream; -import java.io.IOException; -import java.nio.ByteBuffer; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.Bytification; -import org.onap.aaf.dao.Cached; -import org.onap.aaf.dao.CassAccess; -import org.onap.aaf.dao.CassDAOImpl; -import org.onap.aaf.dao.DAOException; -import org.onap.aaf.dao.Loader; -import org.onap.aaf.dao.Streamer; -import org.onap.aaf.dao.aaf.hl.Question; - -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.util.Split; -import com.datastax.driver.core.Cluster; -import com.datastax.driver.core.Row; -import com.datastax.driver.core.exceptions.DriverException; - -public class PermDAO extends CassDAOImpl { - - public static final String TABLE = "perm"; - - public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F - private static final String STAR = "*"; - - private final HistoryDAO historyDAO; - private final CacheInfoDAO infoDAO; - - private PSInfo psNS, psChildren, psByType; - - public PermDAO(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException { - super(trans, PermDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - init(trans); - historyDAO = new HistoryDAO(trans, this); - infoDAO = new CacheInfoDAO(trans,this); - } - - public PermDAO(AuthzTrans trans, HistoryDAO hDAO, CacheInfoDAO ciDAO) { - super(trans, PermDAO.class.getSimpleName(),hDAO,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - historyDAO = hDAO; - infoDAO=ciDAO; - init(trans); - } - - - private static final int KEYLIMIT = 4; - public static class Data extends CacheableData implements Bytification { - public String ns; - public String type; - public String instance; - public String action; - public Set roles; - public String description; - - public Data() {} - - public Data(NsSplit nss, String instance, String action) { - ns = nss.ns; - type = nss.name; - this.instance = instance; - this.action = action; - } - - public String fullType() { - return ns + '.' + type; - } - - public String fullPerm() { - return ns + '.' + type + '|' + instance + '|' + action; - } - - public String encode() { - return ns + '|' + type + '|' + instance + '|' + action; - } - - /** - * Decode Perm String, including breaking into appropriate Namespace - * - * @param trans - * @param q - * @param p - * @return - */ - public static Result decode(AuthzTrans trans, Question q, String p) { - String[] ss = Split.splitTrim('|', p,4); - if(ss[2]==null) { - return Result.err(Status.ERR_BadData,"Perm Encodings must be separated by '|'"); - } - Data data = new Data(); - if(ss[3]==null) { // older 3 part encoding must be evaluated for NS - Result nss = q.deriveNsSplit(trans, ss[0]); - if(nss.notOK()) { - return Result.err(nss); - } - data.ns=nss.value.ns; - data.type=nss.value.name; - data.instance=ss[1]; - data.action=ss[2]; - } else { // new 4 part encoding - data.ns=ss[0]; - data.type=ss[1]; - data.instance=ss[2]; - data.action=ss[3]; - } - return Result.ok(data); - } - - /** - * Decode Perm String, including breaking into appropriate Namespace - * - * @param trans - * @param q - * @param p - * @return - */ - public static Result decodeToArray(AuthzTrans trans, Question q, String p) { - String[] ss = Split.splitTrim('|', p,4); - if(ss[2]==null) { - return Result.err(Status.ERR_BadData,"Perm Encodings must be separated by '|'"); - } - - if(ss[3]==null) { // older 3 part encoding must be evaluated for NS - ss[3] = ss[2]; - ss[2] = ss[1]; - Result nss = q.deriveNsSplit(trans, ss[0]); - if(nss.notOK()) { - return Result.err(nss); - } - ss[1] = nss.value.name; - ss[0] = nss.value.ns; - } - return Result.ok(ss); - } - - public static Data create(NsDAO.Data ns, String name) { - NsSplit nss = new NsSplit(ns,name); - Data rv = new Data(); - rv.ns = nss.ns; - String[] s = nss.name.split("\\|"); - switch(s.length) { - case 3: - rv.type=s[0]; - rv.instance=s[1]; - rv.action=s[2]; - break; - case 2: - rv.type=s[0]; - rv.instance=s[1]; - rv.action=STAR; - break; - default: - rv.type=s[0]; - rv.instance = STAR; - rv.action = STAR; - } - return rv; - } - - public static Data create(AuthzTrans trans, Question q, String name) { - String[] s = name.split("\\|"); - Result rdns = q.deriveNsSplit(trans, s[0]); - Data rv = new PermDAO.Data(); - if(rdns.isOKhasData()) { - switch(s.length) { - case 3: - rv.type=s[1]; - rv.instance=s[2]; - rv.action=s[3]; - break; - case 2: - rv.type=s[1]; - rv.instance=s[2]; - rv.action=STAR; - break; - default: - rv.type=s[1]; - rv.instance = STAR; - rv.action = STAR; - } - } - return rv; - } - - //////////////////////////////////////// - // Getters - public Set roles(boolean mutable) { - if (roles == null) { - roles = new HashSet(); - } else if (mutable && !(roles instanceof HashSet)) { - roles = new HashSet(roles); - } - return roles; - } - - @Override - public int[] invalidate(Cached cache) { - return new int[] { - seg(cache,ns), - seg(cache,ns,type), - seg(cache,ns,type,STAR), - seg(cache,ns,type,instance,action) - }; - } - - @Override - public ByteBuffer bytify() throws IOException { - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - PermLoader.deflt.marshal(this, new DataOutputStream(baos)); - return ByteBuffer.wrap(baos.toByteArray()); - } - - @Override - public void reconstitute(ByteBuffer bb) throws IOException { - PermLoader.deflt.unmarshal(this, toDIS(bb)); - } - - @Override - public String toString() { - return encode(); - } - } - - private static class PermLoader extends Loader implements Streamer { - public static final int MAGIC=283939453; - public static final int VERSION=1; - public static final int BUFF_SIZE=96; - - public static final PermLoader deflt = new PermLoader(KEYLIMIT); - - public PermLoader(int keylimit) { - super(keylimit); - } - - @Override - public Data load(Data data, Row row) { - // Int more efficient Match "fields" string - data.ns = row.getString(0); - data.type = row.getString(1); - data.instance = row.getString(2); - data.action = row.getString(3); - data.roles = row.getSet(4,String.class); - data.description = row.getString(5); - return data; - } - - @Override - protected void key(Data data, int _idx, Object[] obj) { - int idx = _idx; - obj[idx]=data.ns; - obj[++idx]=data.type; - obj[++idx]=data.instance; - obj[++idx]=data.action; - } - - @Override - protected void body(Data data, int _idx, Object[] obj) { - int idx = _idx; - obj[idx]=data.roles; - obj[++idx]=data.description; - } - - @Override - public void marshal(Data data, DataOutputStream os) throws IOException { - writeHeader(os,MAGIC,VERSION); - writeString(os, data.ns); - writeString(os, data.type); - writeString(os, data.instance); - writeString(os, data.action); - writeStringSet(os, data.roles); - writeString(os, data.description); - } - - @Override - public void unmarshal(Data data, DataInputStream is) throws IOException { - /*int version = */readHeader(is,MAGIC,VERSION); - // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields - byte[] buff = new byte[BUFF_SIZE]; - data.ns = readString(is, buff); - data.type = readString(is,buff); - data.instance = readString(is,buff); - data.action = readString(is,buff); - data.roles = readStringSet(is,buff); - data.description = readString(is,buff); - } - } - - private void init(AuthzTrans trans) { - // the 3 is the number of key fields - String[] helpers = setCRUD(trans, TABLE, Data.class, PermLoader.deflt); - - // Other SELECT style statements... match with a local Method - psByType = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE + - " WHERE ns = ? AND type = ?", new PermLoader(2) { - @Override - protected void key(Data data, int idx, Object[] obj) { - obj[idx]=data.type; - } - },readConsistency); - - psNS = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE + - " WHERE ns = ?", new PermLoader(1),readConsistency); - - psChildren = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE + - " WHERE ns=? AND type > ? AND type < ?", - new PermLoader(3) { - @Override - protected void key(Data data, int _idx, Object[] obj) { - int idx = _idx; - obj[idx] = data.ns; - obj[++idx]=data.type + DOT; - obj[++idx]=data.type + DOT_PLUS_ONE; - } - },readConsistency); - - } - - - /** - * Add a single Permission to the Role's Permission Collection - * - * @param trans - * @param roleFullName - * @param perm - * @param type - * @param action - * @return - */ - public Result addRole(AuthzTrans trans, PermDAO.Data perm, String roleFullName) { - // Note: Prepared Statements for Collection updates aren't supported - //ResultSet rv = - try { - getSession(trans).execute(UPDATE_SP + TABLE + " SET roles = roles + {'" + roleFullName + "'} " + - "WHERE " + - "ns = '" + perm.ns + "' AND " + - "type = '" + perm.type + "' AND " + - "instance = '" + perm.instance + "' AND " + - "action = '" + perm.action + "';" - ); - } catch (DriverException | APIException | IOException e) { - reportPerhapsReset(trans,e); - return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG); - } - - wasModified(trans, CRUD.update, perm, "Added role " + roleFullName + " to perm " + - perm.ns + '.' + perm.type + '|' + perm.instance + '|' + perm.action); - return Result.ok(); - } - - /** - * Remove a single Permission from the Role's Permission Collection - * @param trans - * @param roleFullName - * @param perm - * @param type - * @param action - * @return - */ - public Result delRole(AuthzTrans trans, PermDAO.Data perm, String roleFullName) { - // Note: Prepared Statements for Collection updates aren't supported - //ResultSet rv = - try { - getSession(trans).execute(UPDATE_SP + TABLE + " SET roles = roles - {'" + roleFullName + "'} " + - "WHERE " + - "ns = '" + perm.ns + "' AND " + - "type = '" + perm.type + "' AND " + - "instance = '" + perm.instance + "' AND " + - "action = '" + perm.action + "';" - ); - } catch (DriverException | APIException | IOException e) { - reportPerhapsReset(trans,e); - return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG); - } - - //TODO how can we tell when it doesn't? - wasModified(trans, CRUD.update, perm, "Removed role " + roleFullName + " from perm " + - perm.ns + '.' + perm.type + '|' + perm.instance + '|' + perm.action); - return Result.ok(); - } - - - - /** - * Additional method: - * Select all Permissions by Name - * - * @param name - * @return - * @throws DAOException - */ - public Result> readByType(AuthzTrans trans, String ns, String type) { - return psByType.read(trans, R_TEXT, new Object[]{ns, type}); - } - - public Result> readChildren(AuthzTrans trans, String ns, String type) { - return psChildren.read(trans, R_TEXT, new Object[]{ns, type+DOT, type + DOT_PLUS_ONE}); - } - - public Result> readNS(AuthzTrans trans, String ns) { - return psNS.read(trans, R_TEXT, new Object[]{ns}); - } - - /** - * Add description to this permission - * - * @param trans - * @param ns - * @param type - * @param instance - * @param action - * @param description - * @return - */ - public Result addDescription(AuthzTrans trans, String ns, String type, - String instance, String action, String description) { - try { - getSession(trans).execute(UPDATE_SP + TABLE + " SET description = '" - + description + "' WHERE ns = '" + ns + "' AND type = '" + type + "'" - + "AND instance = '" + instance + "' AND action = '" + action + "';"); - } catch (DriverException | APIException | IOException e) { - reportPerhapsReset(trans,e); - return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG); - } - - Data data = new Data(); - data.ns=ns; - data.type=type; - data.instance=instance; - data.action=action; - wasModified(trans, CRUD.update, data, "Added description " + description + " to permission " - + data.encode(), null ); - return Result.ok(); - } - - /** - * Log Modification statements to History - */ - @Override - protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) { - boolean memo = override.length>0 && override[0]!=null; - boolean subject = override.length>1 && override[1]!=null; - - // Need to update history - HistoryDAO.Data hd = HistoryDAO.newInitedData(); - hd.user = trans.user(); - hd.action = modified.name(); - hd.target = TABLE; - hd.subject = subject ? override[1] : data.fullType(); - if (memo) { - hd.memo = String.format("%s", override[0]); - } else { - hd.memo = String.format("%sd %s|%s|%s", modified.name(),data.fullType(),data.instance,data.action); - } - - if(modified==CRUD.delete) { - try { - hd.reconstruct = data.bytify(); - } catch (IOException e) { - trans.error().log(e,"Could not serialize PermDAO.Data"); - } - } - - if(historyDAO.create(trans, hd).status!=Status.OK) { - trans.error().log("Cannot log to History"); - } - if(infoDAO.touch(trans, TABLE,data.invalidate(cache)).notOK()) { - trans.error().log("Cannot touch CacheInfo"); - } - } -} - diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/RoleDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/RoleDAO.java deleted file mode 100644 index 5b0190e9..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/RoleDAO.java +++ /dev/null @@ -1,412 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cass; - -import java.io.ByteArrayOutputStream; -import java.io.DataInputStream; -import java.io.DataOutputStream; -import java.io.IOException; -import java.nio.ByteBuffer; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.Bytification; -import org.onap.aaf.dao.Cached; -import org.onap.aaf.dao.CassAccess; -import org.onap.aaf.dao.CassDAOImpl; -import org.onap.aaf.dao.Loader; -import org.onap.aaf.dao.Streamer; -import org.onap.aaf.dao.aaf.hl.Question; - -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.util.Split; -import com.datastax.driver.core.Cluster; -import com.datastax.driver.core.Row; -import com.datastax.driver.core.exceptions.DriverException; - -public class RoleDAO extends CassDAOImpl { - - public static final String TABLE = "role"; - public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F - - private final HistoryDAO historyDAO; - private final CacheInfoDAO infoDAO; - - private PSInfo psChildren, psNS, psName; - - public RoleDAO(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException { - super(trans, RoleDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - // Set up sub-DAOs - historyDAO = new HistoryDAO(trans, this); - infoDAO = new CacheInfoDAO(trans,this); - init(trans); - } - - public RoleDAO(AuthzTrans trans, HistoryDAO hDAO, CacheInfoDAO ciDAO) { - super(trans, RoleDAO.class.getSimpleName(),hDAO,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - historyDAO = hDAO; - infoDAO = ciDAO; - init(trans); - } - - - ////////////////////////////////////////// - // Data Definition, matches Cassandra DM - ////////////////////////////////////////// - private static final int KEYLIMIT = 2; - /** - * Data class that matches the Cassandra Table "role" - */ - public static class Data extends CacheableData implements Bytification { - public String ns; - public String name; - public Set perms; - public String description; - - //////////////////////////////////////// - // Getters - public Set perms(boolean mutable) { - if (perms == null) { - perms = new HashSet(); - } else if (mutable && !(perms instanceof HashSet)) { - perms = new HashSet(perms); - } - return perms; - } - - public static Data create(NsDAO.Data ns, String name) { - NsSplit nss = new NsSplit(ns,name); - RoleDAO.Data rv = new Data(); - rv.ns = nss.ns; - rv.name=nss.name; - return rv; - } - - public String fullName() { - return ns + '.' + name; - } - - public String encode() { - return ns + '|' + name; - } - - /** - * Decode Perm String, including breaking into appropriate Namespace - * - * @param trans - * @param q - * @param r - * @return - */ - public static Result decode(AuthzTrans trans, Question q, String r) { - String[] ss = Split.splitTrim('|', r,2); - Data data = new Data(); - if(ss[1]==null) { // older 1 part encoding must be evaluated for NS - Result nss = q.deriveNsSplit(trans, ss[0]); - if(nss.notOK()) { - return Result.err(nss); - } - data.ns=nss.value.ns; - data.name=nss.value.name; - } else { // new 4 part encoding - data.ns=ss[0]; - data.name=ss[1]; - } - return Result.ok(data); - } - - /** - * Decode from UserRole Data - * @param urdd - * @return - */ - public static RoleDAO.Data decode(UserRoleDAO.Data urdd) { - RoleDAO.Data rd = new RoleDAO.Data(); - rd.ns = urdd.ns; - rd.name = urdd.rname; - return rd; - } - - - /** - * Decode Perm String, including breaking into appropriate Namespace - * - * @param trans - * @param q - * @param p - * @return - */ - public static Result decodeToArray(AuthzTrans trans, Question q, String p) { - String[] ss = Split.splitTrim('|', p,2); - if(ss[1]==null) { // older 1 part encoding must be evaluated for NS - Result nss = q.deriveNsSplit(trans, ss[0]); - if(nss.notOK()) { - return Result.err(nss); - } - ss[0] = nss.value.ns; - ss[1] = nss.value.name; - } - return Result.ok(ss); - } - - @Override - public int[] invalidate(Cached cache) { - return new int[] { - seg(cache,ns,name), - seg(cache,ns), - seg(cache,name), - }; - } - - @Override - public ByteBuffer bytify() throws IOException { - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - RoleLoader.deflt.marshal(this,new DataOutputStream(baos)); - return ByteBuffer.wrap(baos.toByteArray()); - } - - @Override - public void reconstitute(ByteBuffer bb) throws IOException { - RoleLoader.deflt.unmarshal(this, toDIS(bb)); - } - - @Override - public String toString() { - return ns + '.' + name; - } - } - - private static class RoleLoader extends Loader implements Streamer { - public static final int MAGIC=923577343; - public static final int VERSION=1; - public static final int BUFF_SIZE=96; - - public static final RoleLoader deflt = new RoleLoader(KEYLIMIT); - - public RoleLoader(int keylimit) { - super(keylimit); - } - - @Override - public Data load(Data data, Row row) { - // Int more efficient - data.ns = row.getString(0); - data.name = row.getString(1); - data.perms = row.getSet(2,String.class); - data.description = row.getString(3); - return data; - } - - @Override - protected void key(Data data, int _idx, Object[] obj) { - int idx = _idx; - obj[idx]=data.ns; - obj[++idx]=data.name; - } - - @Override - protected void body(Data data, int _idx, Object[] obj) { - int idx = _idx; - obj[idx]=data.perms; - obj[++idx]=data.description; - } - - @Override - public void marshal(Data data, DataOutputStream os) throws IOException { - writeHeader(os,MAGIC,VERSION); - writeString(os, data.ns); - writeString(os, data.name); - writeStringSet(os,data.perms); - writeString(os, data.description); - } - - @Override - public void unmarshal(Data data, DataInputStream is) throws IOException { - /*int version = */readHeader(is,MAGIC,VERSION); - // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields - byte[] buff = new byte[BUFF_SIZE]; - data.ns = readString(is, buff); - data.name = readString(is,buff); - data.perms = readStringSet(is,buff); - data.description = readString(is,buff); - } - }; - - private void init(AuthzTrans trans) { - String[] helpers = setCRUD(trans, TABLE, Data.class, RoleLoader.deflt); - - psNS = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE + - " WHERE ns = ?", new RoleLoader(1),readConsistency); - - psName = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE + - " WHERE name = ?", new RoleLoader(1),readConsistency); - - psChildren = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE + - " WHERE ns=? AND name > ? AND name < ?", - new RoleLoader(3) { - @Override - protected void key(Data data, int _idx, Object[] obj) { - int idx = _idx; - obj[idx] = data.ns; - obj[++idx]=data.name + DOT; - obj[++idx]=data.name + DOT_PLUS_ONE; - } - },readConsistency); - - } - - public Result> readNS(AuthzTrans trans, String ns) { - return psNS.read(trans, R_TEXT + " NS " + ns, new Object[]{ns}); - } - - public Result> readName(AuthzTrans trans, String name) { - return psName.read(trans, R_TEXT + name, new Object[]{name}); - } - - public Result> readChildren(AuthzTrans trans, String ns, String role) { - if(role.length()==0 || "*".equals(role)) { - return psChildren.read(trans, R_TEXT, new Object[]{ns, FIRST_CHAR, LAST_CHAR}); - } else { - return psChildren.read(trans, R_TEXT, new Object[]{ns, role+DOT, role+DOT_PLUS_ONE}); - } - } - - /** - * Add a single Permission to the Role's Permission Collection - * - * @param trans - * @param role - * @param perm - * @param type - * @param action - * @return - */ - public Result addPerm(AuthzTrans trans, RoleDAO.Data role, PermDAO.Data perm) { - // Note: Prepared Statements for Collection updates aren't supported - String pencode = perm.encode(); - try { - getSession(trans).execute(UPDATE_SP + TABLE + " SET perms = perms + {'" + - pencode + "'} WHERE " + - "ns = '" + role.ns + "' AND name = '" + role.name + "';"); - } catch (DriverException | APIException | IOException e) { - reportPerhapsReset(trans,e); - return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG); - } - - wasModified(trans, CRUD.update, role, "Added permission " + pencode + " to role " + role.fullName()); - return Result.ok(); - } - - /** - * Remove a single Permission from the Role's Permission Collection - * @param trans - * @param role - * @param perm - * @param type - * @param action - * @return - */ - public Result delPerm(AuthzTrans trans, RoleDAO.Data role, PermDAO.Data perm) { - // Note: Prepared Statements for Collection updates aren't supported - - String pencode = perm.encode(); - - //ResultSet rv = - try { - getSession(trans).execute(UPDATE_SP + TABLE + " SET perms = perms - {'" + - pencode + "'} WHERE " + - "ns = '" + role.ns + "' AND name = '" + role.name + "';"); - } catch (DriverException | APIException | IOException e) { - reportPerhapsReset(trans,e); - return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG); - } - - //TODO how can we tell when it doesn't? - wasModified(trans, CRUD.update, role, "Removed permission " + pencode + " from role " + role.fullName() ); - return Result.ok(); - } - - /** - * Add description to role - * - * @param trans - * @param ns - * @param name - * @param description - * @return - */ - public Result addDescription(AuthzTrans trans, String ns, String name, String description) { - try { - getSession(trans).execute(UPDATE_SP + TABLE + " SET description = '" - + description + "' WHERE ns = '" + ns + "' AND name = '" + name + "';"); - } catch (DriverException | APIException | IOException e) { - reportPerhapsReset(trans,e); - return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG); - } - - Data data = new Data(); - data.ns=ns; - data.name=name; - wasModified(trans, CRUD.update, data, "Added description " + description + " to role " + data.fullName(), null ); - return Result.ok(); - } - - - /** - * Log Modification statements to History - * @param modified which CRUD action was done - * @param data entity data that needs a log entry - * @param overrideMessage if this is specified, we use it rather than crafting a history message based on data - */ - @Override - protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) { - boolean memo = override.length>0 && override[0]!=null; - boolean subject = override.length>1 && override[1]!=null; - - HistoryDAO.Data hd = HistoryDAO.newInitedData(); - hd.user = trans.user(); - hd.action = modified.name(); - hd.target = TABLE; - hd.subject = subject ? override[1] : data.fullName(); - hd.memo = memo ? override[0] : (data.fullName() + " was " + modified.name() + 'd' ); - if(modified==CRUD.delete) { - try { - hd.reconstruct = data.bytify(); - } catch (IOException e) { - trans.error().log(e,"Could not serialize RoleDAO.Data"); - } - } - - if(historyDAO.create(trans, hd).status!=Status.OK) { - trans.error().log("Cannot log to History"); - } - if(infoDAO.touch(trans, TABLE,data.invalidate(cache)).notOK()) { - trans.error().log("Cannot touch CacheInfo for Role"); - } - } - - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/Status.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/Status.java deleted file mode 100644 index 246df6ae..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/Status.java +++ /dev/null @@ -1,88 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cass; - -import org.onap.aaf.authz.layer.Result; - - - - -/** - * Add additional Behavior for Specific Applications for Results - * - * In this case, we add additional BitField information accessible by - * method ( - * - * @param - */ -public class Status extends Result { - - // 10/1/2013: Initially, I used enum, but it's not extensible. - public final static int ERR_NsNotFound = Result.ERR_General+1, - ERR_RoleNotFound = Result.ERR_General+2, - ERR_PermissionNotFound = Result.ERR_General+3, - ERR_UserNotFound = Result.ERR_General+4, - ERR_UserRoleNotFound = Result.ERR_General+5, - ERR_DelegateNotFound = Result.ERR_General+6, - ERR_InvalidDelegate = Result.ERR_General+7, - ERR_DependencyExists = Result.ERR_General+8, - ERR_NoApprovals = Result.ERR_General+9, - ACC_Now = Result.ERR_General+10, - ACC_Future = Result.ERR_General+11, - ERR_ChoiceNeeded = Result.ERR_General+12, - ERR_FutureNotRequested = Result.ERR_General+13; - - /** - * Constructor for Result set. - * @param data - * @param status - */ - private Status(RV value, int status, String details, String[] variables ) { - super(value,status,details,variables); - } - - public static String name(int status) { - switch(status) { - case OK: return "OK"; - case ERR_NsNotFound: return "ERR_NsNotFound"; - case ERR_RoleNotFound: return "ERR_RoleNotFound"; - case ERR_PermissionNotFound: return "ERR_PermissionNotFound"; - case ERR_UserNotFound: return "ERR_UserNotFound"; - case ERR_UserRoleNotFound: return "ERR_UserRoleNotFound"; - case ERR_DelegateNotFound: return "ERR_DelegateNotFound"; - case ERR_InvalidDelegate: return "ERR_InvalidDelegate"; - case ERR_ConflictAlreadyExists: return "ERR_ConflictAlreadyExists"; - case ERR_DependencyExists: return "ERR_DependencyExists"; - case ERR_ActionNotCompleted: return "ERR_ActionNotCompleted"; - case ERR_Denied: return "ERR_Denied"; - case ERR_Policy: return "ERR_Policy"; - case ERR_BadData: return "ERR_BadData"; - case ERR_NotImplemented: return "ERR_NotImplemented"; - case ERR_NotFound: return "ERR_NotFound"; - case ERR_ChoiceNeeded: return "ERR_ChoiceNeeded"; - } - //case ERR_General: or unknown... - return "ERR_General"; - } - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/UserRoleDAO.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/UserRoleDAO.java deleted file mode 100644 index 29681603..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/cass/UserRoleDAO.java +++ /dev/null @@ -1,320 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.cass; - -import java.io.ByteArrayOutputStream; -import java.io.DataInputStream; -import java.io.DataOutputStream; -import java.io.IOException; -import java.nio.ByteBuffer; -import java.util.Date; -import java.util.List; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.Bytification; -import org.onap.aaf.dao.Cached; -import org.onap.aaf.dao.CassDAOImpl; -import org.onap.aaf.dao.DAOException; -import org.onap.aaf.dao.Loader; -import org.onap.aaf.dao.Streamer; -import org.onap.aaf.dao.aaf.hl.Question; - -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.util.Chrono; -import com.datastax.driver.core.Cluster; -import com.datastax.driver.core.Row; - -public class UserRoleDAO extends CassDAOImpl { - public static final String TABLE = "user_role"; - - public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F - - private static final String TRANS_UR_SLOT = "_TRANS_UR_SLOT_"; - public Slot transURSlot; - - private final HistoryDAO historyDAO; - private final CacheInfoDAO infoDAO; - - private PSInfo psByUser, psByRole, psUserInRole; - - - - public UserRoleDAO(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException { - super(trans, UserRoleDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - transURSlot = trans.slot(TRANS_UR_SLOT); - init(trans); - - // Set up sub-DAOs - historyDAO = new HistoryDAO(trans, this); - infoDAO = new CacheInfoDAO(trans,this); - } - - public UserRoleDAO(AuthzTrans trans, HistoryDAO hDAO, CacheInfoDAO ciDAO) { - super(trans, UserRoleDAO.class.getSimpleName(),hDAO,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); - transURSlot = trans.slot(TRANS_UR_SLOT); - historyDAO = hDAO; - infoDAO = ciDAO; - init(trans); - } - - private static final int KEYLIMIT = 2; - public static class Data extends CacheableData implements Bytification { - public String user; - public String role; - public String ns; - public String rname; - public Date expires; - - @Override - public int[] invalidate(Cached cache) { - // Note: I'm not worried about Name collisions, because the formats are different: - // myName ... etc versus - // com. ... - // The "dot" makes the difference. - return new int[] { - seg(cache,user,role), - seg(cache,user), - seg(cache,role) - }; - } - - @Override - public ByteBuffer bytify() throws IOException { - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - URLoader.deflt.marshal(this,new DataOutputStream(baos)); - return ByteBuffer.wrap(baos.toByteArray()); - } - - @Override - public void reconstitute(ByteBuffer bb) throws IOException { - URLoader.deflt.unmarshal(this, toDIS(bb)); - } - - public void role(String ns, String rname) { - this.ns = ns; - this.rname = rname; - this.role = ns + '.' + rname; - } - - public void role(RoleDAO.Data rdd) { - ns = rdd.ns; - rname = rdd.name; - role = rdd.fullName(); - } - - - public boolean role(AuthzTrans trans, Question ques, String role) { - this.role = role; - Result rnss = ques.deriveNsSplit(trans, role); - if(rnss.isOKhasData()) { - ns = rnss.value.ns; - rname = rnss.value.name; - return true; - } else { - return false; - } - } - - @Override - public String toString() { - return user + '|' + ns + '|' + rname + '|' + Chrono.dateStamp(expires); - } - - - } - - private static class URLoader extends Loader implements Streamer { - public static final int MAGIC=738469903; - public static final int VERSION=1; - public static final int BUFF_SIZE=48; - - public static final URLoader deflt = new URLoader(KEYLIMIT); - - public URLoader(int keylimit) { - super(keylimit); - } - - @Override - public Data load(Data data, Row row) { - data.user = row.getString(0); - data.role = row.getString(1); - data.ns = row.getString(2); - data.rname = row.getString(3); - data.expires = row.getDate(4); - return data; - } - - @Override - protected void key(Data data, int _idx, Object[] obj) { - int idx = _idx; - obj[idx]=data.user; - obj[++idx]=data.role; - } - - @Override - protected void body(Data data, int _idx, Object[] obj) { - int idx = _idx; - obj[idx]=data.ns; - obj[++idx]=data.rname; - obj[++idx]=data.expires; - } - - @Override - public void marshal(Data data, DataOutputStream os) throws IOException { - writeHeader(os,MAGIC,VERSION); - - writeString(os, data.user); - writeString(os, data.role); - writeString(os, data.ns); - writeString(os, data.rname); - os.writeLong(data.expires==null?-1:data.expires.getTime()); - } - - @Override - public void unmarshal(Data data, DataInputStream is) throws IOException { - /*int version = */readHeader(is,MAGIC,VERSION); - // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields - - byte[] buff = new byte[BUFF_SIZE]; - data.user = readString(is,buff); - data.role = readString(is,buff); - data.ns = readString(is,buff); - data.rname = readString(is,buff); - long l = is.readLong(); - data.expires = l<0?null:new Date(l); - } - - }; - - private void init(AuthzTrans trans) { - String[] helper = setCRUD(trans, TABLE, Data.class, URLoader.deflt); - - psByUser = new PSInfo(trans, SELECT_SP + helper[FIELD_COMMAS] + " FROM user_role WHERE user = ?", - new URLoader(1) { - @Override - protected void key(Data data, int idx, Object[] obj) { - obj[idx]=data.user; - } - },readConsistency); - - // Note: We understand this call may have poor performance, so only should be used in Management (Delete) func - psByRole = new PSInfo(trans, SELECT_SP + helper[FIELD_COMMAS] + " FROM user_role WHERE role = ? ALLOW FILTERING", - new URLoader(1) { - @Override - protected void key(Data data, int idx, Object[] obj) { - obj[idx]=data.role; - } - },readConsistency); - - psUserInRole = new PSInfo(trans,SELECT_SP + helper[FIELD_COMMAS] + " FROM user_role WHERE user = ? AND role = ?", - URLoader.deflt,readConsistency); - } - - public Result> readByUser(AuthzTrans trans, String user) { - return psByUser.read(trans, R_TEXT + " by User " + user, new Object[]{user}); - } - - /** - * Note: Use Sparingly. Cassandra's forced key structure means this will perform fairly poorly - * @param trans - * @param role - * @return - * @throws DAOException - */ - public Result> readByRole(AuthzTrans trans, String role) { - return psByRole.read(trans, R_TEXT + " by Role " + role, new Object[]{role}); - } - - /** - * Direct Lookup of User Role - * Don't forget to check for Expiration - */ - public Result> readByUserRole(AuthzTrans trans, String user, String role) { - return psUserInRole.read(trans, R_TEXT + " by User " + user + " and Role " + role, new Object[]{user,role}); - } - - - /** - * Log Modification statements to History - * @param modified which CRUD action was done - * @param data entity data that needs a log entry - * @param overrideMessage if this is specified, we use it rather than crafting a history message based on data - */ - @Override - protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) { - boolean memo = override.length>0 && override[0]!=null; - boolean subject = override.length>1 && override[1]!=null; - - HistoryDAO.Data hd = HistoryDAO.newInitedData(); - HistoryDAO.Data hdRole = HistoryDAO.newInitedData(); - - hd.user = hdRole.user = trans.user(); - hd.action = modified.name(); - // Modifying User/Role is an Update to Role, not a Create. JG, 07-14-2015 - hdRole.action = CRUD.update.name(); - hd.target = TABLE; - hdRole.target = RoleDAO.TABLE; - hd.subject = subject?override[1] : (data.user + '|'+data.role); - hdRole.subject = data.role; - switch(modified) { - case create: - hd.memo = hdRole.memo = memo - ? String.format("%s by %s", override[0], hd.user) - : String.format("%s added to %s",data.user,data.role); - break; - case update: - hd.memo = hdRole.memo = memo - ? String.format("%s by %s", override[0], hd.user) - : String.format("%s - %s was updated",data.user,data.role); - break; - case delete: - hd.memo = hdRole.memo = memo - ? String.format("%s by %s", override[0], hd.user) - : String.format("%s removed from %s",data.user,data.role); - try { - hd.reconstruct = hdRole.reconstruct = data.bytify(); - } catch (IOException e) { - trans.warn().log(e,"Deleted UserRole could not be serialized"); - } - break; - default: - hd.memo = hdRole.memo = memo - ? String.format("%s by %s", override[0], hd.user) - : "n/a"; - } - - if(historyDAO.create(trans, hd).status!=Status.OK) { - trans.error().log("Cannot log to History"); - } - - if(historyDAO.create(trans, hdRole).status!=Status.OK) { - trans.error().log("Cannot log to History"); - } - // uses User as Segment - if(infoDAO.touch(trans, TABLE,data.invalidate(cache)).notOK()) { - trans.error().log("Cannot touch CacheInfo"); - } - } -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/hl/CassExecutor.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/hl/CassExecutor.java deleted file mode 100644 index f05a9172..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/hl/CassExecutor.java +++ /dev/null @@ -1,74 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.hl; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.authz.org.Executor; -import org.onap.aaf.dao.aaf.cass.NsSplit; -import org.onap.aaf.dao.aaf.cass.NsDAO.Data; - -public class CassExecutor implements Executor { - - private Question q; - private Function f; - private AuthzTrans trans; - - public CassExecutor(AuthzTrans trans, Function f) { - this.trans = trans; - this.f = f; - this.q = this.f.q; - } - - @Override - public boolean hasPermission(String user, String ns, String type, String instance, String action) { - return isGranted(user, ns, type, instance, action); - } - - @Override - public boolean inRole(String name) { - Result nss = q.deriveNsSplit(trans, name); - if(nss.notOK())return false; - return q.roleDAO.read(trans, nss.value.ns,nss.value.name).isOKhasData(); - } - - public boolean isGranted(String user, String ns, String type, String instance, String action) { - return q.isGranted(trans, user, ns, type, instance,action); - } - - @Override - public String namespace() throws Exception { - Result res = q.validNSOfDomain(trans,trans.user()); - if(res.isOK()) { - String user[] = trans.user().split("\\."); - return user[user.length-1] + '.' + user[user.length-2]; - } - throw new Exception(res.status + ' ' + res.details); - } - - @Override - public String id() { - return trans.user(); - } - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/hl/Function.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/hl/Function.java deleted file mode 100644 index 0404fee6..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/hl/Function.java +++ /dev/null @@ -1,1574 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.hl; - -import static org.onap.aaf.authz.layer.Result.OK; - -import java.io.IOException; -import java.util.ArrayList; -import java.util.Date; -import java.util.HashSet; -import java.util.List; -import java.util.Set; -import java.util.UUID; - -import org.onap.aaf.authz.common.Define; -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.authz.org.Executor; -import org.onap.aaf.authz.org.Organization; -import org.onap.aaf.authz.org.Organization.Expiration; -import org.onap.aaf.authz.org.Organization.Identity; -import org.onap.aaf.authz.org.Organization.Policy; -import org.onap.aaf.dao.DAOException; -import org.onap.aaf.dao.aaf.cass.ApprovalDAO; -import org.onap.aaf.dao.aaf.cass.CredDAO; -import org.onap.aaf.dao.aaf.cass.DelegateDAO; -import org.onap.aaf.dao.aaf.cass.FutureDAO; -import org.onap.aaf.dao.aaf.cass.Namespace; -import org.onap.aaf.dao.aaf.cass.NsDAO; -import org.onap.aaf.dao.aaf.cass.NsSplit; -import org.onap.aaf.dao.aaf.cass.NsType; -import org.onap.aaf.dao.aaf.cass.PermDAO; -import org.onap.aaf.dao.aaf.cass.RoleDAO; -import org.onap.aaf.dao.aaf.cass.Status; -import org.onap.aaf.dao.aaf.cass.UserRoleDAO; -import org.onap.aaf.dao.aaf.cass.NsDAO.Data; -import org.onap.aaf.dao.aaf.hl.Question.Access; - -public class Function { - - public static final String FOP_CRED = "cred"; - public static final String FOP_DELEGATE = "delegate"; - public static final String FOP_NS = "ns"; - public static final String FOP_PERM = "perm"; - public static final String FOP_ROLE = "role"; - public static final String FOP_USER_ROLE = "user_role"; - // First Action should ALWAYS be "write", see "CreateRole" - public final Question q; - - public Function(AuthzTrans trans, Question question) { - q = question; - } - - private class ErrBuilder { - private StringBuilder sb; - private List ao; - - public void log(Result result) { - if (result.notOK()) { - if (sb == null) { - sb = new StringBuilder(); - ao = new ArrayList(); - } - sb.append(result.details); - sb.append('\n'); - for (String s : result.variables) { - ao.add(s); - } - } - } - - public String[] vars() { - String[] rv = new String[ao.size()]; - ao.toArray(rv); - return rv; - } - - public boolean hasErr() { - return sb != null; - } - - @Override - public String toString() { - return sb == null ? "" : String.format(sb.toString(), ao); - } - } - - /** - * createNS - * - * Create Namespace - * - * @param trans - * @param org - * @param ns - * @param user - * @return - * @throws DAOException - * - * To create an NS, you need to: 1) validate permission to - * modify parent NS 2) Does NS exist already? 3) Create NS with - * a) "user" as owner. NOTE: Per 10-15 request for AAF 1.0 4) - * Loop through Roles with Parent NS, and map any that start - * with this NS into this one 5) Loop through Perms with Parent - * NS, and map any that start with this NS into this one - */ - public Result createNS(AuthzTrans trans, Namespace namespace, boolean fromApproval) { - Result rq; - - if (namespace.name.endsWith(Question.DOT_ADMIN) - || namespace.name.endsWith(Question.DOT_OWNER)) { - return Result.err(Status.ERR_BadData, - "'admin' and 'owner' are reserved names in AAF"); - } - - try { - for (String u : namespace.owner) { - Organization org = trans.org(); - Identity orgUser = org.getIdentity(trans, u); - if (orgUser == null || !orgUser.isResponsible()) { - // check if user has explicit permission - String reason; - if (org.isTestEnv() && (reason=org.validate(trans, Policy.AS_EMPLOYEE, - new CassExecutor(trans, this), u))!=null) { - return Result.err(Status.ERR_Policy,reason); - } - } - } - } catch (Exception e) { - trans.error().log(e, - "Could not contact Organization for User Validation"); - } - - String user = trans.user(); - // 1) May Change Parent? - int idx = namespace.name.lastIndexOf('.'); - String parent; - if (idx < 0) { - if (!q.isGranted(trans, user, Define.ROOT_NS,Question.NS, ".", "create")) { - return Result.err(Result.ERR_Security, - "%s may not create Root Namespaces", user); - } - parent = null; - fromApproval = true; - } else { - parent = namespace.name.substring(0, idx); - } - - if (!fromApproval) { - Result rparent = q.deriveNs(trans, parent); - if (rparent.notOK()) { - return Result.err(rparent); - } - rparent = q.mayUser(trans, user, rparent.value, Access.write); - if (rparent.notOK()) { - return Result.err(rparent); - } - } - - // 2) Does requested NS exist - if (q.nsDAO.read(trans, namespace.name).isOKhasData()) { - return Result.err(Status.ERR_ConflictAlreadyExists, - "Target Namespace already exists"); - } - - // Someone must be responsible. - if (namespace.owner == null || namespace.owner.isEmpty()) { - return Result - .err(Status.ERR_Policy, - "Namespaces must be assigned at least one responsible party"); - } - - // 3) Create NS - Date now = new Date(); - - Result r; - // 3a) Admin - - try { - // Originally, added the enterer as Admin, but that's not necessary, - // or helpful for Operations folks.. - // Admins can be empty, because they can be changed by lower level - // NSs - // if(ns.admin(false).isEmpty()) { - // ns.admin(true).add(user); - // } - if (namespace.admin != null) { - for (String u : namespace.admin) { - if ((r = checkValidID(trans, now, u)).notOK()) { - return r; - } - } - } - - // 3b) Responsible - Organization org = trans.org(); - for (String u : namespace.owner) { - Identity orgUser = org.getIdentity(trans, u); - if (orgUser == null) { - return Result - .err(Status.ERR_BadData, - "NS must be created with an %s approved Responsible Party", - org.getName()); - } - } - } catch (Exception e) { - return Result.err(Status.ERR_UserNotFound, e.getMessage()); - } - - // VALIDATIONS done... Add NS - if ((rq = q.nsDAO.create(trans, namespace.data())).notOK()) { - return Result.err(rq); - } - - // Since Namespace is now created, we need to grab all subsequent errors - ErrBuilder eb = new ErrBuilder(); - - // Add UserRole(s) - UserRoleDAO.Data urdd = new UserRoleDAO.Data(); - urdd.expires = trans.org().expiration(null, Expiration.UserInRole).getTime(); - urdd.role(namespace.name, Question.ADMIN); - for (String admin : namespace.admin) { - urdd.user = admin; - eb.log(q.userRoleDAO.create(trans, urdd)); - } - urdd.role(namespace.name,Question.OWNER); - for (String owner : namespace.owner) { - urdd.user = owner; - eb.log(q.userRoleDAO.create(trans, urdd)); - } - - addNSAdminRolesPerms(trans, eb, namespace.name); - - addNSOwnerRolesPerms(trans, eb, namespace.name); - - if (parent != null) { - // Build up with any errors - - Result parentNS = q.deriveNs(trans, parent); - String targetNs = parentNS.value.name; // Get the Parent Namespace, - // not target - String targetName = namespace.name.substring(parentNS.value.name.length() + 1); // Remove the Parent Namespace from the - // Target + a dot, and you'll get the name - int targetNameDot = targetName.length() + 1; - - // 4) Change any roles with children matching this NS, and - Result> rrdc = q.roleDAO.readChildren(trans, targetNs, targetName); - if (rrdc.isOKhasData()) { - for (RoleDAO.Data rdd : rrdc.value) { - // Remove old Role from Perms, save them off - List lpdd = new ArrayList(); - for(String p : rdd.perms(false)) { - Result rpdd = PermDAO.Data.decode(trans,q,p); - if(rpdd.isOKhasData()) { - PermDAO.Data pdd = rpdd.value; - lpdd.add(pdd); - q.permDAO.delRole(trans, pdd, rdd); - } else{ - trans.error().log(rpdd.errorString()); - } - } - - // Save off Old keys - String delP1 = rdd.ns; - String delP2 = rdd.name; - - // Write in new key - rdd.ns = namespace.name; - rdd.name = (delP2.length() > targetNameDot) ? delP2 - .substring(targetNameDot) : ""; - - // Need to use non-cached, because switching namespaces, not - // "create" per se - if ((rq = q.roleDAO.create(trans, rdd)).isOK()) { - // Put Role back into Perm, with correct info - for(PermDAO.Data pdd : lpdd) { - q.permDAO.addRole(trans, pdd, rdd); - } - // Change data for User Roles - Result> rurd = q.userRoleDAO.readByRole(trans, rdd.fullName()); - if(rurd.isOKhasData()) { - for(UserRoleDAO.Data urd : rurd.value) { - urd.ns = rdd.ns; - urd.rname = rdd.name; - q.userRoleDAO.update(trans, urd); - } - } - // Now delete old one - rdd.ns = delP1; - rdd.name = delP2; - if ((rq = q.roleDAO.delete(trans, rdd, false)).notOK()) { - eb.log(rq); - } - } else { - eb.log(rq); - } - } - } - - // 4) Change any Permissions with children matching this NS, and - Result> rpdc = q.permDAO.readChildren(trans,targetNs, targetName); - if (rpdc.isOKhasData()) { - for (PermDAO.Data pdd : rpdc.value) { - // Remove old Perm from Roles, save them off - List lrdd = new ArrayList(); - - for(String rl : pdd.roles(false)) { - Result rrdd = RoleDAO.Data.decode(trans,q,rl); - if(rrdd.isOKhasData()) { - RoleDAO.Data rdd = rrdd.value; - lrdd.add(rdd); - q.roleDAO.delPerm(trans, rdd, pdd); - } else{ - trans.error().log(rrdd.errorString()); - } - } - - // Save off Old keys - String delP1 = pdd.ns; - String delP2 = pdd.type; - pdd.ns = namespace.name; - pdd.type = (delP2.length() > targetNameDot) ? delP2 - .substring(targetNameDot) : ""; - if ((rq = q.permDAO.create(trans, pdd)).isOK()) { - // Put Role back into Perm, with correct info - for(RoleDAO.Data rdd : lrdd) { - q.roleDAO.addPerm(trans, rdd, pdd); - } - - pdd.ns = delP1; - pdd.type = delP2; - if ((rq = q.permDAO.delete(trans, pdd, false)).notOK()) { - eb.log(rq); - // } else { - // Need to invalidate directly, because we're - // switching places in NS, not normal cache behavior - // q.permDAO.invalidate(trans,pdd); - } - } else { - eb.log(rq); - } - } - } - if (eb.hasErr()) { - return Result.err(Status.ERR_ActionNotCompleted,eb.sb.toString(), eb.vars()); - } - } - return Result.ok(); - } - - private void addNSAdminRolesPerms(AuthzTrans trans, ErrBuilder eb, String ns) { - // Admin Role/Perm - RoleDAO.Data rd = new RoleDAO.Data(); - rd.ns = ns; - rd.name = "admin"; - rd.description = "AAF Namespace Administrators"; - - PermDAO.Data pd = new PermDAO.Data(); - pd.ns = ns; - pd.type = "access"; - pd.instance = Question.ASTERIX; - pd.action = Question.ASTERIX; - pd.description = "AAF Namespace Write Access"; - - rd.perms = new HashSet(); - rd.perms.add(pd.encode()); - eb.log(q.roleDAO.create(trans, rd)); - - pd.roles = new HashSet(); - pd.roles.add(rd.encode()); - eb.log(q.permDAO.create(trans, pd)); - } - - private void addNSOwnerRolesPerms(AuthzTrans trans, ErrBuilder eb, String ns) { - RoleDAO.Data rd = new RoleDAO.Data(); - rd.ns = ns; - rd.name = "owner"; - rd.description = "AAF Namespace Owners"; - - PermDAO.Data pd = new PermDAO.Data(); - pd.ns = ns; - pd.type = "access"; - pd.instance = Question.ASTERIX; - pd.action = Question.READ; - pd.description = "AAF Namespace Read Access"; - - rd.perms = new HashSet(); - rd.perms.add(pd.encode()); - eb.log(q.roleDAO.create(trans, rd)); - - pd.roles = new HashSet(); - pd.roles.add(rd.encode()); - eb.log(q.permDAO.create(trans, pd)); - } - - /** - * deleteNS - * - * Delete Namespace - * - * @param trans - * @param org - * @param ns - * @param force - * @param user - * @return - * @throws DAOException - * - * - * To delete an NS, you need to: 1) validate permission to - * modify this NS 2) Find all Roles with this NS, and 2a) if - * Force, delete them, else modify to Parent NS 3) Find all - * Perms with this NS, and modify to Parent NS 3a) if Force, - * delete them, else modify to Parent NS 4) Find all IDs - * associated to this NS, and deny if exists. 5) Remove NS - */ - public Result deleteNS(AuthzTrans trans, String ns) { - boolean force = trans.forceRequested(); - boolean move = trans.moveRequested(); - // 1) Validate - Result> nsl; - if ((nsl = q.nsDAO.read(trans, ns)).notOKorIsEmpty()) { - return Result.err(Status.ERR_NsNotFound, "%s does not exist", ns); - } - NsDAO.Data nsd = nsl.value.get(0); - NsType nt; - if (move && !q.canMove(nt = NsType.fromType(nsd.type))) { - return Result.err(Status.ERR_Denied, "Namespace Force=move not permitted for Type %s",nt.name()); - } - - Result dnr = q.mayUser(trans, trans.user(), nsd, Access.write); - if (dnr.status != Status.OK) { - return Result.err(dnr); - } - - // 2) Find Parent - String user = trans.user(); - int idx = ns.lastIndexOf('.'); - NsDAO.Data parent; - if (idx < 0) { - if (!q.isGranted(trans, user, Define.ROOT_NS,Question.NS, ".", "delete")) { - return Result.err(Result.ERR_Security, - "%s may not delete Root Namespaces", user); - } - parent = null; - } else { - Result rlparent = q.deriveNs(trans, ns.substring(0, idx)); - if (rlparent.notOKorIsEmpty()) { - return Result.err(rlparent); - } - parent = rlparent.value; - } - - // Build up with any errors - // If sb != null below is an indication of error - StringBuilder sb = null; - ErrBuilder er = new ErrBuilder(); - - // 2a) Deny if any IDs on Namespace - Result> creds = q.credDAO.readNS(trans, ns); - if (creds.isOKhasData()) { - if (force || move) { - for (CredDAO.Data cd : creds.value) { - er.log(q.credDAO.delete(trans, cd, false)); - // Since we're deleting all the creds, we should delete all - // the user Roles for that Cred - Result> rlurd = q.userRoleDAO - .readByUser(trans, cd.id); - if (rlurd.isOK()) { - for (UserRoleDAO.Data data : rlurd.value) { - q.userRoleDAO.delete(trans, data, false); - } - } - - } - } else { - // first possible StringBuilder Create. - sb = new StringBuilder(); - sb.append('['); - sb.append(ns); - sb.append("] contains users"); - } - } - - // 2b) Find (or delete if forced flag is set) dependencies - // First, find if NS Perms are the only ones - Result> rpdc = q.permDAO.readNS(trans, ns); - if (rpdc.isOKhasData()) { - // Since there are now NS perms, we have to count NON-NS perms. - // FYI, if we delete them now, and the NS is not deleted, it is in - // an inconsistent state. - boolean nonaccess = false; - for (PermDAO.Data pdd : rpdc.value) { - if (!"access".equals(pdd.type)) { - nonaccess = true; - break; - } - } - if (nonaccess && !force && !move) { - if (sb == null) { - sb = new StringBuilder(); - sb.append('['); - sb.append(ns); - sb.append("] contains "); - } else { - sb.append(", "); - } - sb.append("permissions"); - } - } - - Result> rrdc = q.roleDAO.readNS(trans, ns); - if (rrdc.isOKhasData()) { - // Since there are now NS roles, we have to count NON-NS roles. - // FYI, if we delete th)em now, and the NS is not deleted, it is in - // an inconsistent state. - int count = rrdc.value.size(); - for (RoleDAO.Data rdd : rrdc.value) { - if ("admin".equals(rdd.name) || "owner".equals(rdd.name)) { - --count; - } - } - if (count > 0 && !force && !move) { - if (sb == null) { - sb = new StringBuilder(); - sb.append('['); - sb.append(ns); - sb.append("] contains "); - } else { - sb.append(", "); - } - sb.append("roles"); - } - } - - // 2c) Deny if dependencies exist that would be moved to root level - // parent is root level parent here. Need to find closest parent ns that - // exists - if (sb != null) { - if (!force && !move) { - sb.append(".\n Delete dependencies and try again. Note: using \"force=true\" will delete all. \"force=move\" will delete Creds, but move Roles and Perms to parent."); - return Result.err(Status.ERR_DependencyExists, sb.toString()); - } - - if (move && (parent == null || parent.type == NsType.COMPANY.type)) { - return Result - .err(Status.ERR_DependencyExists, - "Cannot move users, roles or permissions to [%s].\nDelete dependencies and try again", - parent.name); - } - } else if (move && parent != null) { - sb = new StringBuilder(); - // 3) Change any roles with children matching this NS, and - moveRoles(trans, parent, sb, rrdc); - // 4) Change any Perms with children matching this NS, and - movePerms(trans, parent, sb, rpdc); - } - - if (sb != null && sb.length() > 0) { - return Result.err(Status.ERR_DependencyExists, sb.toString()); - } - - if (er.hasErr()) { - if (trans.debug().isLoggable()) { - trans.debug().log(er.toString()); - } - return Result.err(Status.ERR_DependencyExists, - "Namespace members cannot be deleted for %s", ns); - } - - // 5) OK... good to go for NS Deletion... - if (!rpdc.isEmpty()) { - for (PermDAO.Data perm : rpdc.value) { - deletePerm(trans, perm, true, true); - } - } - if (!rrdc.isEmpty()) { - for (RoleDAO.Data role : rrdc.value) { - deleteRole(trans, role, true, true); - } - } - - return q.nsDAO.delete(trans, nsd, false); - } - - public Result> getOwners(AuthzTrans trans, String ns, - boolean includeExpired) { - return getUsersByRole(trans, ns + Question.DOT_OWNER, includeExpired); - } - - private Result mayAddOwner(AuthzTrans trans, String ns, String id) { - Result rq = q.deriveNs(trans, ns); - if (rq.notOK()) { - return Result.err(rq); - } - - rq = q.mayUser(trans, trans.user(), rq.value, Access.write); - if (rq.notOK()) { - return Result.err(rq); - } - - Identity user; - Organization org = trans.org(); - try { - if ((user = org.getIdentity(trans, id)) == null) { - return Result.err(Status.ERR_Policy, - "%s reports that this is not a valid credential", - org.getName()); - } - if (user.isResponsible()) { - return Result.ok(); - } else { - String reason="This is not a Test Environment"; - if (org.isTestEnv() && (reason = org.validate(trans, Policy.AS_EMPLOYEE, - new CassExecutor(trans, this), id))==null) { - return Result.ok(); - } - return Result.err(Status.ERR_Policy,reason); - } - } catch (Exception e) { - return Result.err(e); - } - } - - private Result mayAddAdmin(AuthzTrans trans, String ns, String id) { - // Does NS Exist? - Result r = checkValidID(trans, new Date(), id); - if (r.notOK()) { - return r; - } - // Is id able to be an Admin - Result rq = q.deriveNs(trans, ns); - if (rq.notOK()) { - return Result.err(rq); - } - - rq = q.mayUser(trans, trans.user(), rq.value, Access.write); - if (rq.notOK()) { - return Result.err(rq); - } - return r; - } - - private Result checkValidID(AuthzTrans trans, Date now, String user) { - Organization org = trans.org(); - if (user.endsWith(org.getRealm())) { - try { - if (org.getIdentity(trans, user) == null) { - return Result.err(Status.ERR_Denied, - "%s reports that %s is a faulty ID", org.getName(), - user); - } - return Result.ok(); - } catch (Exception e) { - return Result.err(Result.ERR_Security, - "%s is not a valid %s Credential", user, org.getName()); - } - } else { - Result> cdr = q.credDAO.readID(trans, user); - if (cdr.notOKorIsEmpty()) { - return Result.err(Status.ERR_Security, - "%s is not a valid AAF Credential", user); - } - - for (CredDAO.Data cd : cdr.value) { - if (cd.expires.after(now)) { - return Result.ok(); - } - } - } - return Result.err(Result.ERR_Security, "%s has expired", user); - } - - public Result delOwner(AuthzTrans trans, String ns, String id) { - Result rq = q.deriveNs(trans, ns); - if (rq.notOK()) { - return Result.err(rq); - } - - rq = q.mayUser(trans, trans.user(), rq.value, Access.write); - if (rq.notOK()) { - return Result.err(rq); - } - - return delUserRole(trans, id, ns,Question.OWNER); - } - - public Result> getAdmins(AuthzTrans trans, String ns, boolean includeExpired) { - return getUsersByRole(trans, ns + Question.DOT_ADMIN, includeExpired); - } - - public Result delAdmin(AuthzTrans trans, String ns, String id) { - Result rq = q.deriveNs(trans, ns); - if (rq.notOK()) { - return Result.err(rq); - } - - rq = q.mayUser(trans, trans.user(), rq.value, Access.write); - if (rq.notOK()) { - return Result.err(rq); - } - - return delUserRole(trans, id, ns, Question.ADMIN); - } - - /** - * Helper function that moves permissions from a namespace being deleted to - * its parent namespace - * - * @param trans - * @param parent - * @param sb - * @param rpdc - * - list of permissions in namespace being deleted - */ - private void movePerms(AuthzTrans trans, NsDAO.Data parent, - StringBuilder sb, Result> rpdc) { - - Result rv; - Result pd; - - if (rpdc.isOKhasData()) { - for (PermDAO.Data pdd : rpdc.value) { - String delP2 = pdd.type; - if ("access".equals(delP2)) { - continue; - } - // Remove old Perm from Roles, save them off - List lrdd = new ArrayList(); - - for(String rl : pdd.roles(false)) { - Result rrdd = RoleDAO.Data.decode(trans,q,rl); - if(rrdd.isOKhasData()) { - RoleDAO.Data rdd = rrdd.value; - lrdd.add(rdd); - q.roleDAO.delPerm(trans, rdd, pdd); - } else{ - trans.error().log(rrdd.errorString()); - } - } - - // Save off Old keys - String delP1 = pdd.ns; - NsSplit nss = new NsSplit(parent, pdd.fullType()); - pdd.ns = nss.ns; - pdd.type = nss.name; - // Use direct Create/Delete, because switching namespaces - if ((pd = q.permDAO.create(trans, pdd)).isOK()) { - // Put Role back into Perm, with correct info - for(RoleDAO.Data rdd : lrdd) { - q.roleDAO.addPerm(trans, rdd, pdd); - } - - pdd.ns = delP1; - pdd.type = delP2; - if ((rv = q.permDAO.delete(trans, pdd, false)).notOK()) { - sb.append(rv.details); - sb.append('\n'); - // } else { - // Need to invalidate directly, because we're switching - // places in NS, not normal cache behavior - // q.permDAO.invalidate(trans,pdd); - } - } else { - sb.append(pd.details); - sb.append('\n'); - } - } - } - } - - /** - * Helper function that moves roles from a namespace being deleted to its - * parent namespace - * - * @param trans - * @param parent - * @param sb - * @param rrdc - * - list of roles in namespace being deleted - */ - private void moveRoles(AuthzTrans trans, NsDAO.Data parent, - StringBuilder sb, Result> rrdc) { - - Result rv; - Result rd; - - if (rrdc.isOKhasData()) { - for (RoleDAO.Data rdd : rrdc.value) { - String delP2 = rdd.name; - if ("admin".equals(delP2) || "owner".equals(delP2)) { - continue; - } - // Remove old Role from Perms, save them off - List lpdd = new ArrayList(); - for(String p : rdd.perms(false)) { - Result rpdd = PermDAO.Data.decode(trans,q,p); - if(rpdd.isOKhasData()) { - PermDAO.Data pdd = rpdd.value; - lpdd.add(pdd); - q.permDAO.delRole(trans, pdd, rdd); - } else{ - trans.error().log(rpdd.errorString()); - } - } - - // Save off Old keys - String delP1 = rdd.ns; - - NsSplit nss = new NsSplit(parent, rdd.fullName()); - rdd.ns = nss.ns; - rdd.name = nss.name; - // Use direct Create/Delete, because switching namespaces - if ((rd = q.roleDAO.create(trans, rdd)).isOK()) { - // Put Role back into Perm, with correct info - for(PermDAO.Data pdd : lpdd) { - q.permDAO.addRole(trans, pdd, rdd); - } - - rdd.ns = delP1; - rdd.name = delP2; - if ((rv = q.roleDAO.delete(trans, rdd, true)).notOK()) { - sb.append(rv.details); - sb.append('\n'); - // } else { - // Need to invalidate directly, because we're switching - // places in NS, not normal cache behavior - // q.roleDAO.invalidate(trans,rdd); - } - } else { - sb.append(rd.details); - sb.append('\n'); - } - } - } - } - - /** - * Create Permission (and any missing Permission between this and Parent) if - * we have permission - * - * Pass in the desired Management Permission for this Permission - * - * If Force is set, then Roles listed will be created, if allowed, - * pre-granted. - */ - public Result createPerm(AuthzTrans trans, PermDAO.Data perm, boolean fromApproval) { - String user = trans.user(); - // Next, see if User is allowed to Manage Parent Permission - - Result rnsd; - if (!fromApproval) { - rnsd = q.mayUser(trans, user, perm, Access.write); - if (rnsd.notOK()) { - return Result.err(rnsd); - } - } else { - rnsd = q.deriveNs(trans, perm.ns); - } - - // Does Child exist? - if (!trans.forceRequested()) { - if (q.permDAO.read(trans, perm).isOKhasData()) { - return Result.err(Status.ERR_ConflictAlreadyExists, - "Permission [%s.%s|%s|%s] already exists.", perm.ns, - perm.type, perm.instance, perm.action); - } - } - - // Attempt to add perms to roles, creating as possible - Set roles; - String pstring = perm.encode(); - - // For each Role - for (String role : roles = perm.roles(true)) { - Result rdd = RoleDAO.Data.decode(trans,q,role); - if(rdd.isOKhasData()) { - RoleDAO.Data rd = rdd.value; - if (!fromApproval) { - // May User write to the Role in question. - Result rns = q.mayUser(trans, user, rd, - Access.write); - if (rns.notOK()) { - // Remove the role from Add, because - roles.remove(role); // Don't allow adding - trans.warn() - .log("User [%s] does not have permission to relate Permissions to Role [%s]", - user, role); - } - } - - Result> rlrd; - if ((rlrd = q.roleDAO.read(trans, rd)).notOKorIsEmpty()) { - rd.perms(true).add(pstring); - if (q.roleDAO.create(trans, rd).notOK()) { - roles.remove(role); // Role doesn't exist, and can't be - // created - } - } else { - rd = rlrd.value.get(0); - if (!rd.perms.contains(pstring)) { - q.roleDAO.addPerm(trans, rd, perm); - } - } - } - } - - Result pdr = q.permDAO.create(trans, perm); - if (pdr.isOK()) { - return Result.ok(); - } else { - return Result.err(pdr); - } - } - - public Result deletePerm(final AuthzTrans trans, final PermDAO.Data perm, boolean force, boolean fromApproval) { - String user = trans.user(); - - // Next, see if User is allowed to Manage Permission - Result rnsd; - if (!fromApproval) { - rnsd = q.mayUser(trans, user, perm, Access.write); - if (rnsd.notOK()) { - return Result.err(rnsd); - } - } - // Does Perm exist? - Result> pdr = q.permDAO.read(trans, perm); - if (pdr.notOKorIsEmpty()) { - return Result.err(Status.ERR_PermissionNotFound,"Permission [%s.%s|%s|%s] does not exist.", - perm.ns,perm.type, perm.instance, perm.action); - } - // Get perm, but with rest of data. - PermDAO.Data fullperm = pdr.value.get(0); - - // Attached to any Roles? - if (fullperm.roles != null) { - if (force) { - for (String role : fullperm.roles) { - Result rv = null; - Result rrdd = RoleDAO.Data.decode(trans, q, role); - if(rrdd.isOKhasData()) { - trans.debug().log("Removing", role, "from", fullperm, "on Perm Delete"); - if ((rv = q.roleDAO.delPerm(trans, rrdd.value, fullperm)).notOK()) { - if (rv.notOK()) { - trans.error().log("Error removing Role during delFromPermRole: ", - trans.getUserPrincipal(), - rv.errorString()); - } - } - } else { - return Result.err(rrdd); - } - } - } else if (!fullperm.roles.isEmpty()) { - return Result - .err(Status.ERR_DependencyExists, - "Permission [%s.%s|%s|%s] cannot be deleted as it is attached to 1 or more roles.", - fullperm.ns, fullperm.type, fullperm.instance, fullperm.action); - } - } - - return q.permDAO.delete(trans, fullperm, false); - } - - public Result deleteRole(final AuthzTrans trans, final RoleDAO.Data role, boolean force, boolean fromApproval) { - String user = trans.user(); - - // Next, see if User is allowed to Manage Role - Result rnsd; - if (!fromApproval) { - rnsd = q.mayUser(trans, user, role, Access.write); - if (rnsd.notOK()) { - return Result.err(rnsd); - } - } - - // Are there any Users Attached to Role? - Result> urdr = q.userRoleDAO.readByRole(trans,role.fullName()); - if (force) { - if (urdr.isOKhasData()) { - for (UserRoleDAO.Data urd : urdr.value) { - q.userRoleDAO.delete(trans, urd, false); - } - } - } else if (urdr.isOKhasData()) { - return Result.err(Status.ERR_DependencyExists, - "Role [%s.%s] cannot be deleted as it is used by 1 or more Users.", - role.ns, role.name); - } - - // Does Role exist? - Result> rdr = q.roleDAO.read(trans, role); - if (rdr.notOKorIsEmpty()) { - return Result.err(Status.ERR_RoleNotFound, - "Role [%s.%s] does not exist", role.ns, role.name); - } - RoleDAO.Data fullrole = rdr.value.get(0); // full key search - - // Remove Self from Permissions... always, force or not. Force only applies to Dependencies (Users) - if (fullrole.perms != null) { - for (String perm : fullrole.perms(false)) { - Result rpd = PermDAO.Data.decode(trans,q,perm); - if (rpd.isOK()) { - trans.debug().log("Removing", perm, "from", fullrole,"on Role Delete"); - - Result r = q.permDAO.delRole(trans, rpd.value, fullrole); - if (r.notOK()) { - trans.error().log("ERR_FDR1 unable to remove",fullrole,"from",perm,':',r.status,'-',r.details); - } - } else { - trans.error().log("ERR_FDR2 Could not remove",perm,"from",fullrole); - } - } - } - return q.roleDAO.delete(trans, fullrole, false); - } - - /** - * Only owner of Permission may add to Role - * - * If force set, however, Role will be created before Grant, if User is - * allowed to create. - * - * @param trans - * @param role - * @param pd - * @return - */ - public Result addPermToRole(AuthzTrans trans, RoleDAO.Data role,PermDAO.Data pd, boolean fromApproval) { - String user = trans.user(); - - if (!fromApproval) { - Result rRoleCo = q.deriveFirstNsForType(trans, role.ns, NsType.COMPANY); - if(rRoleCo.notOK()) { - return Result.err(rRoleCo); - } - Result rPermCo = q.deriveFirstNsForType(trans, pd.ns, NsType.COMPANY); - if(rPermCo.notOK()) { - return Result.err(rPermCo); - } - - // Not from same company - if(!rRoleCo.value.name.equals(rPermCo.value.name)) { - Result r; - // Only grant if User ALSO has Write ability in Other Company - if((r = q.mayUser(trans, user, role, Access.write)).notOK()) { - return Result.err(r); - } - } - - - // Must be Perm Admin, or Granted Special Permission - Result ucp = q.mayUser(trans, user, pd, Access.write); - if (ucp.notOK()) { - // Don't allow CLI potential Grantees to change their own AAF - // Perms, - if ((Define.ROOT_NS.equals(pd.ns) && Question.NS.equals(pd.type)) - || !q.isGranted(trans, trans.user(),Define.ROOT_NS,Question.PERM, rPermCo.value.name, "grant")) { - // Not otherwise granted - // TODO Needed? - return Result.err(ucp); - } - // Final Check... Don't allow Grantees to add to Roles they are - // part of - Result> rlurd = q.userRoleDAO - .readByUser(trans, trans.user()); - if (rlurd.isOK()) { - for (UserRoleDAO.Data ur : rlurd.value) { - if (role.ns.equals(ur.ns) && role.name.equals(ur.rname)) { - return Result.err(ucp); - } - } - } - } - } - - Result> rlpd = q.permDAO.read(trans, pd); - if (rlpd.notOKorIsEmpty()) { - return Result.err(Status.ERR_PermissionNotFound, - "Permission must exist to add to Role"); - } - - Result> rlrd = q.roleDAO.read(trans, role); // Already - // Checked - // for - // can - // change - // Role - Result rv; - - if (rlrd.notOKorIsEmpty()) { - if (trans.forceRequested()) { - Result ucr = q.mayUser(trans, user, role, - Access.write); - if (ucr.notOK()) { - return Result - .err(Status.ERR_Denied, - "Role [%s.%s] does not exist. User [%s] cannot create.", - role.ns, role.name, user); - } - - role.perms(true).add(pd.encode()); - Result rdd = q.roleDAO.create(trans, role); - if (rdd.isOK()) { - rv = Result.ok(); - } else { - rv = Result.err(rdd); - } - } else { - return Result.err(Status.ERR_RoleNotFound, - "Role [%s.%s] does not exist.", role.ns, role.name); - } - } else { - role = rlrd.value.get(0); - if (role.perms(false).contains(pd.encode())) { - return Result.err(Status.ERR_ConflictAlreadyExists, - "Permission [%s.%s] is already a member of role [%s,%s]", - pd.ns, pd.type, role.ns, role.name); - } - role.perms(true).add(pd.encode()); // this is added for Caching - // access purposes... doesn't - // affect addPerm - rv = q.roleDAO.addPerm(trans, role, pd); - } - if (rv.status == Status.OK) { - return q.permDAO.addRole(trans, pd, role); - // exploring how to add information message to successful http - // request - } - return rv; - } - - /** - * Either Owner of Role or Permission may delete from Role - * - * @param trans - * @param role - * @param pd - * @return - */ - public Result delPermFromRole(AuthzTrans trans, RoleDAO.Data role,PermDAO.Data pd, boolean fromApproval) { - String user = trans.user(); - if (!fromApproval) { - Result ucr = q.mayUser(trans, user, role, Access.write); - Result ucp = q.mayUser(trans, user, pd, Access.write); - - // If Can't change either Role or Perm, then deny - if (ucr.notOK() && ucp.notOK()) { - return Result.err(Status.ERR_Denied, - "User [" + trans.user() - + "] does not have permission to delete [" - + pd.encode() + "] from Role [" - + role.fullName() + ']'); - } - } - - Result> rlr = q.roleDAO.read(trans, role); - if (rlr.notOKorIsEmpty()) { - // If Bad Data, clean out - Result> rlp = q.permDAO.read(trans, pd); - if (rlp.isOKhasData()) { - for (PermDAO.Data pv : rlp.value) { - q.permDAO.delRole(trans, pv, role); - } - } - return Result.err(rlr); - } - String perm1 = pd.encode(); - boolean notFound; - if (trans.forceRequested()) { - notFound = false; - } else { // only check if force not set. - notFound = true; - for (RoleDAO.Data r : rlr.value) { - if (r.perms != null) { - for (String perm : r.perms) { - if (perm1.equals(perm)) { - notFound = false; - break; - } - } - if(!notFound) { - break; - } - } - } - } - if (notFound) { // Need to check both, in case of corruption - return Result.err(Status.ERR_PermissionNotFound, - "Permission [%s.%s|%s|%s] not associated with any Role", - pd.ns,pd.type,pd.instance,pd.action); - } - - // Read Perm for full data - Result> rlp = q.permDAO.read(trans, pd); - Result rv = null; - if (rlp.isOKhasData()) { - for (PermDAO.Data pv : rlp.value) { - if ((rv = q.permDAO.delRole(trans, pv, role)).isOK()) { - if ((rv = q.roleDAO.delPerm(trans, role, pv)).notOK()) { - trans.error().log( - "Error removing Perm during delFromPermRole:", - trans.getUserPrincipal(), rv.errorString()); - } - } else { - trans.error().log( - "Error removing Role during delFromPermRole:", - trans.getUserPrincipal(), rv.errorString()); - } - } - } else { - rv = q.roleDAO.delPerm(trans, role, pd); - if (rv.notOK()) { - trans.error().log("Error removing Role during delFromPermRole", - rv.errorString()); - } - } - return rv == null ? Result.ok() : rv; - } - - public Result delPermFromRole(AuthzTrans trans, String role,PermDAO.Data pd) { - Result nss = q.deriveNsSplit(trans, role); - if (nss.notOK()) { - return Result.err(nss); - } - RoleDAO.Data rd = new RoleDAO.Data(); - rd.ns = nss.value.ns; - rd.name = nss.value.name; - return delPermFromRole(trans, rd, pd, false); - } - - /** - * Add a User to Role - * - * 1) Role must exist 2) User must be a known Credential (i.e. mechID ok if - * Credential) or known Organizational User - * - * @param trans - * @param org - * @param urData - * @return - * @throws DAOException - */ - public Result addUserRole(AuthzTrans trans,UserRoleDAO.Data urData) { - Result rv; - if(Question.ADMIN.equals(urData.rname)) { - rv = mayAddAdmin(trans, urData.ns, urData.user); - } else if(Question.OWNER.equals(urData.rname)) { - rv = mayAddOwner(trans, urData.ns, urData.user); - } else { - rv = checkValidID(trans, new Date(), urData.user); - } - if(rv.notOK()) { - return rv; - } - - // Check if record exists - if (q.userRoleDAO.read(trans, urData).isOKhasData()) { - return Result.err(Status.ERR_ConflictAlreadyExists, - "User Role exists"); - } - if (q.roleDAO.read(trans, urData.ns, urData.rname).notOKorIsEmpty()) { - return Result.err(Status.ERR_RoleNotFound, - "Role [%s.%s] does not exist", urData.ns, urData.rname); - } - - urData.expires = trans.org().expiration(null, Expiration.UserInRole, urData.user).getTime(); - - - Result udr = q.userRoleDAO.create(trans, urData); - switch (udr.status) { - case OK: - return Result.ok(); - default: - return Result.err(udr); - } - } - - public Result addUserRole(AuthzTrans trans, String user, String ns, String rname) { - UserRoleDAO.Data urdd = new UserRoleDAO.Data(); - urdd.ns = ns; - urdd.role(ns, rname); - urdd.user = user; - return addUserRole(trans,urdd); - } - - /** - * Extend User Role. - * - * extend the Expiration data, according to Organization rules. - * - * @param trans - * @param org - * @param urData - * @return - */ - public Result extendUserRole(AuthzTrans trans, UserRoleDAO.Data urData, boolean checkForExist) { - // Check if record still exists - if (checkForExist && q.userRoleDAO.read(trans, urData).notOKorIsEmpty()) { - return Result.err(Status.ERR_UserRoleNotFound, - "User Role does not exist"); - } - if (q.roleDAO.read(trans, urData.ns, urData.rname).notOKorIsEmpty()) { - return Result.err(Status.ERR_RoleNotFound, - "Role [%s.%s] does not exist", urData.ns,urData.rname); - } - // Special case for "Admin" roles. Issue brought forward with Prod - // problem 9/26 - - urData.expires = trans.org().expiration(null, Expiration.UserInRole).getTime(); // get - // Full - // time - // starting - // today - return q.userRoleDAO.update(trans, urData); - } - - // //////////////////////////////////////////////////// - // Special User Role Functions - // These exist, because User Roles have Expiration dates, which must be - // accounted for - // Also, as of July, 2015, Namespace Owners and Admins are now regular User - // Roles - // //////////////////////////////////////////////////// - public Result> getUsersByRole(AuthzTrans trans, String role, boolean includeExpired) { - Result> rurdd = q.userRoleDAO.readByRole(trans,role); - if (rurdd.notOK()) { - return Result.err(rurdd); - } - Date now = new Date(); - List list = rurdd.value; - List rv = new ArrayList(list.size()); // presize - for (UserRoleDAO.Data urdd : rurdd.value) { - if (includeExpired || urdd.expires.after(now)) { - rv.add(urdd.user); - } - } - return Result.ok(rv); - } - - public Result delUserRole(AuthzTrans trans, String user, String ns, String rname) { - UserRoleDAO.Data urdd = new UserRoleDAO.Data(); - urdd.user = user; - urdd.role(ns,rname); - Result> r = q.userRoleDAO.read(trans, urdd); - if (r.status == 404 || r.isEmpty()) { - return Result.err(Status.ERR_UserRoleNotFound, - "UserRole [%s] [%s.%s]", user, ns, rname); - } - if (r.notOK()) { - return Result.err(r); - } - - return q.userRoleDAO.delete(trans, urdd, false); - } - - public Result> createFuture(AuthzTrans trans, FutureDAO.Data data, String id, String user, - NsDAO.Data nsd, String op) { - // Create Future Object - List approvers=null; - Result fr = q.futureDAO.create(trans, data, id); - if (fr.isOK()) { - // User Future ID as ticket for Approvals - final UUID ticket = fr.value.id; - ApprovalDAO.Data ad; - try { - Organization org = trans.org(); - approvers = org.getApprovers(trans, user); - for (Identity u : approvers) { - ad = new ApprovalDAO.Data(); - // Note ad.id is set by ApprovalDAO Create - ad.ticket = ticket; - ad.user = user; - ad.approver = u.id(); - ad.status = ApprovalDAO.PENDING; - ad.memo = data.memo; - ad.type = org.getApproverType(); - ad.operation = op; - // Note ad.updated is created in System - Result ar = q.approvalDAO.create(trans,ad); - if (ar.notOK()) { - return Result.err(Status.ERR_ActionNotCompleted, - "Approval for %s, %s could not be created: %s", - ad.user, ad.approver, ar.details); - } - } - if (nsd != null) { - Result> rrbr = q.userRoleDAO - .readByRole(trans, nsd.name + Question.DOT_OWNER); - if (rrbr.isOK()) { - for (UserRoleDAO.Data urd : rrbr.value) { - ad = new ApprovalDAO.Data(); - // Note ad.id is set by ApprovalDAO Create - ad.ticket = ticket; - ad.user = user; - ad.approver = urd.user; - ad.status = ApprovalDAO.PENDING; - ad.memo = data.memo; - ad.type = "owner"; - ad.operation = op; - // Note ad.updated is created in System - Result ar = q.approvalDAO.create(trans, ad); - if (ar.notOK()) { - return Result.err(Status.ERR_ActionNotCompleted, - "Approval for %s, %s could not be created: %s", - ad.user, ad.approver, - ar.details); - } - } - } - } - } catch (Exception e) { - return Result.err(e); - } - } - - return Result.ok(approvers); - } - - public Result performFutureOp(AuthzTrans trans, ApprovalDAO.Data cd) { - Result> fd = q.futureDAO.read(trans, cd.ticket); - Result> allApprovalsForTicket = q.approvalDAO - .readByTicket(trans, cd.ticket); - Result rv = Result.ok(); - for (FutureDAO.Data curr : fd.value) { - if ("approved".equalsIgnoreCase(cd.status)) { - if (allApprovalsForTicket.value.size() <= 1) { - // should check if any other pendings before performing - // actions - try { - if (FOP_ROLE.equalsIgnoreCase(curr.target)) { - RoleDAO.Data data = new RoleDAO.Data(); - data.reconstitute(curr.construct); - if ("C".equalsIgnoreCase(cd.operation)) { - Result rd; - if ((rd = q.roleDAO.dao().create(trans, data)).notOK()) { - rv = Result.err(rd); - } - } else if ("D".equalsIgnoreCase(cd.operation)) { - rv = deleteRole(trans, data, true, true); - } - - } else if (FOP_PERM.equalsIgnoreCase(curr.target)) { - PermDAO.Data pdd = new PermDAO.Data(); - pdd.reconstitute(curr.construct); - if ("C".equalsIgnoreCase(cd.operation)) { - rv = createPerm(trans, pdd, true); - } else if ("D".equalsIgnoreCase(cd.operation)) { - rv = deletePerm(trans, pdd, true, true); - } else if ("G".equalsIgnoreCase(cd.operation)) { - Set roles = pdd.roles(true); - Result rrdd = null; - for (String roleStr : roles) { - rrdd = RoleDAO.Data.decode(trans, q, roleStr); - if (rrdd.isOKhasData()) { - rv = addPermToRole(trans, rrdd.value, pdd, true); - } else { - trans.error().log(rrdd.errorString()); - } - } - } else if ("UG".equalsIgnoreCase(cd.operation)) { - Set roles = pdd.roles(true); - Result rrdd; - for (String roleStr : roles) { - rrdd = RoleDAO.Data.decode(trans, q, roleStr); - if (rrdd.isOKhasData()) { - rv = delPermFromRole(trans, rrdd.value, pdd, true); - } else { - trans.error().log(rrdd.errorString()); - } - } - } - - } else if (FOP_USER_ROLE.equalsIgnoreCase(curr.target)) { - UserRoleDAO.Data data = new UserRoleDAO.Data(); - data.reconstitute(curr.construct); - // if I am the last to approve, create user role - if ("C".equalsIgnoreCase(cd.operation)) { - rv = addUserRole(trans, data); - } else if ("U".equals(cd.operation)) { - rv = extendUserRole(trans, data, true); - } - - } else if (FOP_NS.equalsIgnoreCase(curr.target)) { - Namespace namespace = new Namespace(); - namespace.reconstitute(curr.construct); - - if ("C".equalsIgnoreCase(cd.operation)) { - rv = createNS(trans, namespace, true); - } - - } else if (FOP_DELEGATE.equalsIgnoreCase(curr.target)) { - DelegateDAO.Data data = new DelegateDAO.Data(); - data.reconstitute(curr.construct); - if ("C".equalsIgnoreCase(cd.operation)) { - Result dd; - if ((dd = q.delegateDAO.create(trans, data)).notOK()) { - rv = Result.err(dd); - } - } else if ("U".equalsIgnoreCase(cd.operation)) { - rv = q.delegateDAO.update(trans, data); - } - } else if (FOP_CRED.equalsIgnoreCase(curr.target)) { - CredDAO.Data data = new CredDAO.Data(); - data.reconstitute(curr.construct); - if ("C".equalsIgnoreCase(cd.operation)) { - Result rd; - if ((rd = q.credDAO.dao().create(trans, data)).notOK()) { - rv = Result.err(rd); - } - } - } - } catch (IOException e) { - trans.error().log("IOException: ", e.getMessage(), - " \n occurred while performing", cd.memo, - " from approval ", cd.id.toString()); - } - } - } else if ("denied".equalsIgnoreCase(cd.status)) { - for (ApprovalDAO.Data ad : allApprovalsForTicket.value) { - q.approvalDAO.delete(trans, ad, false); - } - q.futureDAO.delete(trans, curr, false); - if (FOP_USER_ROLE.equalsIgnoreCase(curr.target)) { - // if I am the last to approve, create user role - if ("U".equals(cd.operation)) { - UserRoleDAO.Data data = new UserRoleDAO.Data(); - try { - data.reconstitute(curr.construct); - } catch (IOException e) { - trans.error().log("Cannot reconstitue",curr.memo); - } - rv = delUserRole(trans, data.user, data.ns, data.rname); - } - } - - } - - // if I am the last to approve, delete the future object - if (rv.isOK() && allApprovalsForTicket.value.size() <= 1) { - q.futureDAO.delete(trans, curr, false); - } - - } // end for each - return rv; - - } - - public Executor newExecutor(AuthzTrans trans) { - return new CassExecutor(trans, this); - } - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/hl/PermLookup.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/hl/PermLookup.java deleted file mode 100644 index 40f59178..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/hl/PermLookup.java +++ /dev/null @@ -1,184 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.hl; - -import java.util.ArrayList; -import java.util.Date; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.TreeSet; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.aaf.cass.PermDAO; -import org.onap.aaf.dao.aaf.cass.RoleDAO; -import org.onap.aaf.dao.aaf.cass.Status; -import org.onap.aaf.dao.aaf.cass.UserRoleDAO; - -/** - * PermLookup is a Storage class for the various pieces of looking up Permission - * during Transactions to avoid duplicate processing - * - * - */ -// Package on purpose -class PermLookup { - private AuthzTrans trans; - private String user; - private Question q; - private Result> userRoles = null; - private Result> roles = null; - private Result> permNames = null; - private Result> perms = null; - - private PermLookup() {} - - static PermLookup get(AuthzTrans trans, Question q, String user) { - PermLookup lp=null; - Map permMap = trans.get(Question.PERMS, null); - if (permMap == null) { - trans.put(Question.PERMS, permMap = new HashMap()); - } else { - lp = permMap.get(user); - } - - if (lp == null) { - lp = new PermLookup(); - lp.trans = trans; - lp.user = user; - lp.q = q; - permMap.put(user, lp); - } - return lp; - } - - public Result> getUserRoles() { - if(userRoles==null) { - userRoles = q.userRoleDAO.readByUser(trans,user); - if(userRoles.isOKhasData()) { - List lurdd = new ArrayList(); - Date now = new Date(); - for(UserRoleDAO.Data urdd : userRoles.value) { - if(urdd.expires.after(now)) { // Remove Expired - lurdd.add(urdd); - } - } - if(lurdd.size()==0) { - return userRoles = Result.err(Status.ERR_UserNotFound, - "%s not found or not associated with any Roles: ", - user); - } else { - return userRoles = Result.ok(lurdd); - } - } else { - return userRoles; - } - } else { - return userRoles; - } - } - - public Result> getRoles() { - if(roles==null) { - Result> rur = getUserRoles(); - if(rur.isOK()) { - List lrdd = new ArrayList(); - for (UserRoleDAO.Data urdata : rur.value) { - // Gather all permissions from all Roles - if(urdata.ns==null || urdata.rname==null) { - trans.error().printf("DB Content Error: nulls in User Role %s %s", urdata.user,urdata.role); - } else { - Result> rlrd = q.roleDAO.read( - trans, urdata.ns, urdata.rname); - if(rlrd.isOK()) { - lrdd.addAll(rlrd.value); - } - } - } - return roles = Result.ok(lrdd); - } else { - return roles = Result.err(rur); - } - } else { - return roles; - } - } - - public Result> getPermNames() { - if(permNames==null) { - Result> rlrd = getRoles(); - if (rlrd.isOK()) { - Set pns = new TreeSet(); - for (RoleDAO.Data rdata : rlrd.value) { - pns.addAll(rdata.perms(false)); - } - return permNames = Result.ok(pns); - } else { - return permNames = Result.err(rlrd); - } - } else { - return permNames; - } - } - - public Result> getPerms(boolean lookup) { - if(perms==null) { - // Note: It should be ok for a Valid user to have no permissions - - // 8/12/2013 - Result> rss = getPermNames(); - if(rss.isOK()) { - List lpdd = new ArrayList(); - for (String perm : rss.value) { - if(lookup) { - Result ap = PermDAO.Data.decodeToArray(trans, q, perm); - if(ap.isOK()) { - Result> rlpd = q.permDAO.read(perm,trans,ap); - if (rlpd.isOKhasData()) { - for (PermDAO.Data pData : rlpd.value) { - lpdd.add(pData); - } - } - } else { - trans.error().log("In getPermsByUser, for", user, perm); - } - } else { - Result pr = PermDAO.Data.decode(trans, q, perm); - if (pr.notOK()) { - trans.error().log("In getPermsByUser, for", user, pr.errorString()); - } else { - lpdd.add(pr.value); - } - } - - } - return perms = Result.ok(lpdd); - } else { - return perms = Result.err(rss); - } - } else { - return perms; - } - } -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/hl/Question.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/hl/Question.java deleted file mode 100644 index c552cc93..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/hl/Question.java +++ /dev/null @@ -1,1087 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.hl; - -import java.io.IOException; -import java.nio.ByteBuffer; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Comparator; -import java.util.Date; -import java.util.HashSet; -import java.util.List; -import java.util.Set; -import java.util.TreeSet; - -import org.onap.aaf.authz.common.Define; -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.env.AuthzTransFilter; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.authz.org.Organization; -import org.onap.aaf.authz.org.Organization.Identity; -import org.onap.aaf.dao.AbsCassDAO; -import org.onap.aaf.dao.CachedDAO; -import org.onap.aaf.dao.DAOException; -import org.onap.aaf.dao.aaf.cached.CachedCertDAO; -import org.onap.aaf.dao.aaf.cached.CachedCredDAO; -import org.onap.aaf.dao.aaf.cached.CachedNSDAO; -import org.onap.aaf.dao.aaf.cached.CachedPermDAO; -import org.onap.aaf.dao.aaf.cached.CachedRoleDAO; -import org.onap.aaf.dao.aaf.cached.CachedUserRoleDAO; -import org.onap.aaf.dao.aaf.cass.ApprovalDAO; -import org.onap.aaf.dao.aaf.cass.CacheInfoDAO; -import org.onap.aaf.dao.aaf.cass.CertDAO; -import org.onap.aaf.dao.aaf.cass.CredDAO; -import org.onap.aaf.dao.aaf.cass.DelegateDAO; -import org.onap.aaf.dao.aaf.cass.FutureDAO; -import org.onap.aaf.dao.aaf.cass.HistoryDAO; -import org.onap.aaf.dao.aaf.cass.NsDAO; -import org.onap.aaf.dao.aaf.cass.NsSplit; -import org.onap.aaf.dao.aaf.cass.NsType; -import org.onap.aaf.dao.aaf.cass.PermDAO; -import org.onap.aaf.dao.aaf.cass.RoleDAO; -import org.onap.aaf.dao.aaf.cass.Status; -import org.onap.aaf.dao.aaf.cass.UserRoleDAO; -import org.onap.aaf.dao.aaf.cass.NsDAO.Data; - -import org.onap.aaf.cadi.Hash; -import org.onap.aaf.cadi.aaf.PermEval; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TimeTaken; -import org.onap.aaf.inno.env.util.Chrono; -import com.datastax.driver.core.Cluster; - -/** - * Question HL DAO - * - * A Data Access Combination Object which asks Security and other Questions - * - * - */ -public class Question { - // DON'T CHANGE FROM lower Case!!! - public static enum Type { - ns, role, perm, cred - }; - - public static final String OWNER="owner"; - public static final String ADMIN="admin"; - public static final String DOT_OWNER=".owner"; - public static final String DOT_ADMIN=".admin"; - static final String ASTERIX = "*"; - - public static enum Access { - read, write, create - }; - - public static final String READ = Access.read.name(); - public static final String WRITE = Access.write.name(); - public static final String CREATE = Access.create.name(); - - public static final String ROLE = Type.role.name(); - public static final String PERM = Type.perm.name(); - public static final String NS = Type.ns.name(); - public static final String CRED = Type.cred.name(); - private static final String DELG = "delg"; - public static final String ATTRIB = "attrib"; - - - public static final int MAX_SCOPE = 10; - public static final int APP_SCOPE = 3; - public static final int COMPANY_SCOPE = 2; - static Slot PERMS; - - private static Set specialLog = null; - public static final SecureRandom random = new SecureRandom(); - private static long traceID = random.nextLong(); - private static final String SPECIAL_LOG_SLOT = "SPECIAL_LOG_SLOT"; - private static Slot specialLogSlot = null; - private static Slot transIDSlot = null; - - - public final HistoryDAO historyDAO; - public final CachedNSDAO nsDAO; - public final CachedRoleDAO roleDAO; - public final CachedPermDAO permDAO; - public final CachedUserRoleDAO userRoleDAO; - public final CachedCredDAO credDAO; - public final CachedCertDAO certDAO; - public final DelegateDAO delegateDAO; - public final FutureDAO futureDAO; - public final ApprovalDAO approvalDAO; - private final CacheInfoDAO cacheInfoDAO; - - // final ContactDAO contDAO; - // private static final String DOMAIN = "@aaf.att.com"; - // private static final int DOMAIN_LENGTH = 0; - - public Question(AuthzTrans trans, Cluster cluster, String keyspace, boolean startClean) throws APIException, IOException { - PERMS = trans.slot("USER_PERMS"); - trans.init().log("Instantiating DAOs"); - historyDAO = new HistoryDAO(trans, cluster, keyspace); - - // Deal with Cached Entries - cacheInfoDAO = new CacheInfoDAO(trans, historyDAO); - - nsDAO = new CachedNSDAO(new NsDAO(trans, historyDAO, cacheInfoDAO), - cacheInfoDAO); - permDAO = new CachedPermDAO( - new PermDAO(trans, historyDAO, cacheInfoDAO), cacheInfoDAO); - roleDAO = new CachedRoleDAO( - new RoleDAO(trans, historyDAO, cacheInfoDAO), cacheInfoDAO); - userRoleDAO = new CachedUserRoleDAO(new UserRoleDAO(trans, historyDAO, - cacheInfoDAO), cacheInfoDAO); - credDAO = new CachedCredDAO( - new CredDAO(trans, historyDAO, cacheInfoDAO), cacheInfoDAO); - certDAO = new CachedCertDAO( - new CertDAO(trans, historyDAO, cacheInfoDAO), cacheInfoDAO); - - futureDAO = new FutureDAO(trans, historyDAO); - delegateDAO = new DelegateDAO(trans, historyDAO); - approvalDAO = new ApprovalDAO(trans, historyDAO); - - // Only want to aggressively cleanse User related Caches... The others, - // just normal refresh - if(startClean) { - CachedDAO.startCleansing(trans.env(), credDAO, userRoleDAO); - CachedDAO.startRefresh(trans.env(), cacheInfoDAO); - } - // Set a Timer to Check Caches to send messages for Caching changes - - if(specialLogSlot==null) { - specialLogSlot = trans.slot(SPECIAL_LOG_SLOT); - transIDSlot = trans.slot(AuthzTransFilter.TRANS_ID_SLOT); - } - - AbsCassDAO.primePSIs(trans); - } - - - public void close(AuthzTrans trans) { - historyDAO.close(trans); - cacheInfoDAO.close(trans); - nsDAO.close(trans); - permDAO.close(trans); - roleDAO.close(trans); - userRoleDAO.close(trans); - credDAO.close(trans); - certDAO.close(trans); - delegateDAO.close(trans); - futureDAO.close(trans); - approvalDAO.close(trans); - } - - public Result permFrom(AuthzTrans trans, String type, - String instance, String action) { - Result rnd = deriveNs(trans, type); - if (rnd.isOK()) { - return Result.ok(new PermDAO.Data(new NsSplit(rnd.value, type), - instance, action)); - } else { - return Result.err(rnd); - } - } - - /** - * getPermsByUser - * - * Because this call is frequently called internally, AND because we already - * look for it in the initial Call, we cache within the Transaction - * - * @param trans - * @param user - * @return - */ - public Result> getPermsByUser(AuthzTrans trans, String user, boolean lookup) { - return PermLookup.get(trans, this, user).getPerms(lookup); - } - - public Result> getPermsByUserFromRolesFilter(AuthzTrans trans, String user, String forUser) { - PermLookup plUser = PermLookup.get(trans, this, user); - Result> plPermNames = plUser.getPermNames(); - if(plPermNames.notOK()) { - return Result.err(plPermNames); - } - - Set nss; - if(forUser.equals(user)) { - nss = null; - } else { - // Setup a TreeSet to check on Namespaces to - nss = new TreeSet(); - PermLookup fUser = PermLookup.get(trans, this, forUser); - Result> forUpn = fUser.getPermNames(); - if(forUpn.notOK()) { - return Result.err(forUpn); - } - - for(String pn : forUpn.value) { - Result decoded = PermDAO.Data.decodeToArray(trans, this, pn); - if(decoded.isOKhasData()) { - nss.add(decoded.value[0]); - } else { - trans.error().log(pn,", derived from a Role, is invalid:",decoded.errorString()); - } - } - } - - List rlpUser = new ArrayList(); - Result rpdd; - PermDAO.Data pdd; - for(String pn : plPermNames.value) { - rpdd = PermDAO.Data.decode(trans, this, pn); - if(rpdd.isOKhasData()) { - pdd=rpdd.value; - if(nss==null || nss.contains(pdd.ns)) { - rlpUser.add(pdd); - } - } else { - trans.error().log(pn,", derived from a Role, is invalid. Run Data Cleanup:",rpdd.errorString()); - } - } - return Result.ok(rlpUser); - } - - public Result> getPermsByType(AuthzTrans trans, String perm) { - Result nss = deriveNsSplit(trans, perm); - if (nss.notOK()) { - return Result.err(nss); - } - return permDAO.readByType(trans, nss.value.ns, nss.value.name); - } - - public Result> getPermsByName(AuthzTrans trans, - String type, String instance, String action) { - Result nss = deriveNsSplit(trans, type); - if (nss.notOK()) { - return Result.err(nss); - } - return permDAO.read(trans, nss.value.ns, nss.value.name, instance,action); - } - - public Result> getPermsByRole(AuthzTrans trans, String role, boolean lookup) { - Result nss = deriveNsSplit(trans, role); - if (nss.notOK()) { - return Result.err(nss); - } - - Result> rlrd = roleDAO.read(trans, nss.value.ns, - nss.value.name); - if (rlrd.notOKorIsEmpty()) { - return Result.err(rlrd); - } - // Using Set to avoid duplicates - Set permNames = new HashSet(); - if (rlrd.isOKhasData()) { - for (RoleDAO.Data drr : rlrd.value) { - permNames.addAll(drr.perms(false)); - } - } - - // Note: It should be ok for a Valid user to have no permissions - - // 8/12/2013 - List perms = new ArrayList(); - for (String perm : permNames) { - Result pr = PermDAO.Data.decode(trans, this, perm); - if (pr.notOK()) { - return Result.err(pr); - } - - if(lookup) { - Result> rlpd = permDAO.read(trans, pr.value); - if (rlpd.isOKhasData()) { - for (PermDAO.Data pData : rlpd.value) { - perms.add(pData); - } - } - } else { - perms.add(pr.value); - } - } - - return Result.ok(perms); - } - - public Result> getRolesByName(AuthzTrans trans, - String role) { - Result nss = deriveNsSplit(trans, role); - if (nss.notOK()) { - return Result.err(nss); - } - String r = nss.value.name; - if (r.endsWith(".*")) { // do children Search - return roleDAO.readChildren(trans, nss.value.ns, - r.substring(0, r.length() - 2)); - } else if (ASTERIX.equals(r)) { - return roleDAO.readChildren(trans, nss.value.ns, ASTERIX); - } else { - return roleDAO.read(trans, nss.value.ns, r); - } - } - - /** - * Derive NS - * - * Given a Child Namespace, figure out what the best Namespace parent is. - * - * For instance, if in the NS table, the parent "com.att" exists, but not - * "com.att.child" or "com.att.a.b.c", then passing in either - * "com.att.child" or "com.att.a.b.c" will return "com.att" - * - * Uses recursive search on Cached DAO data - * - * @param trans - * @param child - * @return - */ - public Result deriveNs(AuthzTrans trans, String child) { - Result> r = nsDAO.read(trans, child); - - if (r.isOKhasData()) { - return Result.ok(r.value.get(0)); - } else { - int dot = child == null ? -1 : child.lastIndexOf('.'); - if (dot < 0) { - return Result.err(Status.ERR_NsNotFound, - "No Namespace for [%s]", child); - } else { - return deriveNs(trans, child.substring(0, dot)); - } - } - } - - public Result deriveFirstNsForType(AuthzTrans trans, String str, NsType type) { - NsDAO.Data nsd; - - System.out.println("value of str before for loop ---------0---++++++++++++++++++" +str); - for(int idx = str.indexOf('.');idx>=0;idx=str.indexOf('.',idx+1)) { - // System.out.println("printing value of str-----------------1------------++++++++++++++++++++++" +str); - Result> rld = nsDAO.read(trans, str.substring(0,idx)); - System.out.println("value of idx is -----------------++++++++++++++++++++++++++" +idx); - System.out.println("printing value of str.substring-----------------1------------++++++++++++++++++++++" + (str.substring(0,idx))); - System.out.println("value of ResultListData ------------------2------------+++++++++++++++++++++++++++" +rld); - if(rld.isOKhasData()) { - System.out.println("In if loop -----------------3-------------- ++++++++++++++++"); - System.out.println("value of nsd=rld.value.get(0).type -----------4------++++++++++++++++++++++++++++++++++++" +(nsd=rld.value.get(0)).type); - System.out.println("value of rld.value.get(0).name.toString()+++++++++++++++++++++++++++++++ " +rld.value.get(0).name); - if(type.type == (nsd=rld.value.get(0)).type) { - return Result.ok(nsd); - } - } else { - System.out.println("In else loop ----------------4------------+++++++++++++++++++++++"); - return Result.err(Status.ERR_NsNotFound,"There is no valid Company Namespace for %s",str.substring(0,idx)); - } - } - return Result.err(Status.ERR_NotFound, str + " does not contain type " + type.name()); - } - - public Result deriveNsSplit(AuthzTrans trans, String child) { - Result ndd = deriveNs(trans, child); - if (ndd.isOK()) { - NsSplit nss = new NsSplit(ndd.value, child); - if (nss.isOK()) { - return Result.ok(nss); - } else { - return Result.err(Status.ERR_NsNotFound, - "Cannot split [%s] into valid namespace elements", - child); - } - } - return Result.err(ndd); - } - - /** - * Translate an ID into it's domain - * - * i.e. myid1234@myapp.att.com results in domain of com.att.myapp - * - * @param id - * @return - */ - public static String domain2ns(String id) { - int at = id.indexOf('@'); - if (at >= 0) { - String[] domain = id.substring(at + 1).split("\\."); - StringBuilder ns = new StringBuilder(id.length()); - boolean first = true; - for (int i = domain.length - 1; i >= 0; --i) { - if (first) { - first = false; - } else { - ns.append('.'); - } - ns.append(domain[i]); - } - return ns.toString(); - } else { - return ""; - } - - } - - /** - * Validate Namespace of ID@Domain - * - * Namespace is reverse order of Domain. - * - * i.e. myid1234@myapp.att.com results in domain of com.att.myapp - * - * @param trans - * @param id - * @return - */ - public Result validNSOfDomain(AuthzTrans trans, String id) { - // Take domain, reverse order, and check on NS - String ns; - if(id.indexOf('@')<0) { // it's already an ns, not an ID - ns = id; - } else { - ns = domain2ns(id); - } - if (ns.length() > 0) { - if(!trans.org().getDomain().equals(ns)) { - Result> rlnsd = nsDAO.read(trans, ns); - if (rlnsd.isOKhasData()) { - return Result.ok(rlnsd.value.get(0)); - } - } - } - return Result.err(Status.ERR_NsNotFound, - "A Namespace is not available for %s", id); - } - - public Result mayUser(AuthzTrans trans, String user,NsDAO.Data ndd, Access access) { - // .access|:role:| - String ns = ndd.name; - int last; - do { - if (isGranted(trans, user, ns, "access", ":ns", access.name())) { - return Result.ok(ndd); - } - if ((last = ns.lastIndexOf('.')) >= 0) { - ns = ns.substring(0, last); - } - } while (last >= 0); - // .ns|::ns| - // AAF-724 - Make consistent response for May User", and not take the - // last check... too confusing. - Result rv = mayUserVirtueOfNS(trans, user, ndd, ":" + ndd.name + ":ns", access.name()); - if (rv.isOK()) { - return rv; - } else if(rv.status==Result.ERR_Backend) { - return Result.err(rv); - } else { - return Result.err(Status.ERR_Denied, "[%s] may not %s in NS [%s]", - user, access.name(), ndd.name); - } - } - - public Result mayUser(AuthzTrans trans, String user, RoleDAO.Data rdd, Access access) { - Result rnsd = deriveNs(trans, rdd.ns); - if (rnsd.isOK()) { - return mayUser(trans, user, rnsd.value, rdd, access); - } - return rnsd; - } - - public Result mayUser(AuthzTrans trans, String user, NsDAO.Data ndd, RoleDAO.Data rdd, Access access) { - // 1) Is User in the Role? - Result> rurd = userRoleDAO.readUserInRole(trans, user, rdd.fullName()); - if (rurd.isOKhasData()) { - return Result.ok(ndd); - } - - String roleInst = ":role:" + rdd.name; - // .access|:role:| - String ns = rdd.ns; - int last; - do { - if (isGranted(trans, user, ns,"access", roleInst, access.name())) { - return Result.ok(ndd); - } - if ((last = ns.lastIndexOf('.')) >= 0) { - ns = ns.substring(0, last); - } - } while (last >= 0); - - // Check if Access by Global Role perm - // .ns|::role:name| - Result rnsd = mayUserVirtueOfNS(trans, user, ndd, ":" - + rdd.ns + roleInst, access.name()); - if (rnsd.isOK()) { - return rnsd; - } else if(rnsd.status==Result.ERR_Backend) { - return Result.err(rnsd); - } - - // Check if Access to Whole NS - // AAF-724 - Make consistent response for May User", and not take the - // last check... too confusing. - Result rv = mayUserVirtueOfNS(trans, user, ndd, - ":" + rdd.ns + ":ns", access.name()); - if (rv.isOK()) { - return rv; - } else if(rnsd.status==Result.ERR_Backend) { - return Result.err(rnsd); - } else { - return Result.err(Status.ERR_Denied, "[%s] may not %s Role [%s]", - user, access.name(), rdd.fullName()); - } - - } - - public Result mayUser(AuthzTrans trans, String user,PermDAO.Data pdd, Access access) { - Result rnsd = deriveNs(trans, pdd.ns); - if (rnsd.isOK()) { - return mayUser(trans, user, rnsd.value, pdd, access); - } - return rnsd; - } - - public Result mayUser(AuthzTrans trans, String user,NsDAO.Data ndd, PermDAO.Data pdd, Access access) { - if (isGranted(trans, user, pdd.ns, pdd.type, pdd.instance, pdd.action)) { - return Result.ok(ndd); - } - String permInst = ":perm:" + pdd.type + ':' + pdd.instance + ':' + pdd.action; - // .access|:role:| - String ns = ndd.name; - int last; - do { - if (isGranted(trans, user, ns, "access", permInst, access.name())) { - return Result.ok(ndd); - } - if ((last = ns.lastIndexOf('.')) >= 0) { - ns = ns.substring(0, last); - } - } while (last >= 0); - - // Check if Access by NS perm - // .ns|::role:name| - Result rnsd = mayUserVirtueOfNS(trans, user, ndd, ":" + pdd.ns + permInst, access.name()); - if (rnsd.isOK()) { - return rnsd; - } else if(rnsd.status==Result.ERR_Backend) { - return Result.err(rnsd); - } - - // Check if Access to Whole NS - // AAF-724 - Make consistent response for May User", and not take the - // last check... too confusing. - Result rv = mayUserVirtueOfNS(trans, user, ndd, ":" + pdd.ns + ":ns", access.name()); - if (rv.isOK()) { - return rv; - } else { - return Result.err(Status.ERR_Denied, - "[%s] may not %s Perm [%s|%s|%s]", user, access.name(), - pdd.fullType(), pdd.instance, pdd.action); - } - - } - - public Result mayUser(AuthzTrans trans, DelegateDAO.Data dd, Access access) { - try { - boolean isUser = trans.user().equals(dd.user); - boolean isDelegate = dd.delegate != null - && (dd.user.equals(dd.delegate) || trans.user().equals( - dd.delegate)); - Organization org = trans.org(); - switch (access) { - case create: - if (org.getIdentity(trans, dd.user) == null) { - return Result.err(Status.ERR_UserNotFound, - "[%s] is not a user in the company database.", - dd.user); - } - if (!dd.user.equals(dd.delegate) && org.getIdentity(trans, dd.delegate) == null) { - return Result.err(Status.ERR_UserNotFound, - "[%s] is not a user in the company database.", - dd.delegate); - } - if (!trans.forceRequested() && dd.user != null && dd.user.equals(dd.delegate)) { - return Result.err(Status.ERR_BadData, - "[%s] cannot be a delegate for self", dd.user); - } - if (!isUser && !isGranted(trans, trans.user(), Define.ROOT_NS,DELG, - org.getDomain(), Question.CREATE)) { - return Result.err(Status.ERR_Denied, - "[%s] may not create a delegate for [%s]", - trans.user(), dd.user); - } - break; - case read: - case write: - if (!isUser && !isDelegate && - !isGranted(trans, trans.user(), Define.ROOT_NS,DELG,org.getDomain(), access.name())) { - return Result.err(Status.ERR_Denied, - "[%s] may not %s delegates for [%s]", trans.user(), - access.name(), dd.user); - } - break; - default: - return Result.err(Status.ERR_BadData,"Unknown Access type [%s]", access.name()); - } - } catch (Exception e) { - return Result.err(e); - } - return Result.ok(); - } - - /* - * Check (recursively, if necessary), if able to do something based on NS - */ - private Result mayUserVirtueOfNS(AuthzTrans trans, String user, NsDAO.Data nsd, String ns_and_type, String access) { - String ns = nsd.name; - - // If an ADMIN of the Namespace, then allow - - Result> rurd; - if ((rurd = userRoleDAO.readUserInRole(trans, user, nsd.name+ADMIN)).isOKhasData()) { - return Result.ok(nsd); - } else if(rurd.status==Result.ERR_Backend) { - return Result.err(rurd); - } - - // If Specially granted Global Permission - if (isGranted(trans, user, Define.ROOT_NS,NS, ns_and_type, access)) { - return Result.ok(nsd); - } - - // Check recur - - int dot = ns.length(); - if ((dot = ns.lastIndexOf('.', dot - 1)) >= 0) { - Result rnsd = deriveNs(trans, ns.substring(0, dot)); - if (rnsd.isOK()) { - rnsd = mayUserVirtueOfNS(trans, user, rnsd.value, ns_and_type,access); - } else if(rnsd.status==Result.ERR_Backend) { - return Result.err(rnsd); - } - if (rnsd.isOK()) { - return Result.ok(nsd); - } else if(rnsd.status==Result.ERR_Backend) { - return Result.err(rnsd); - } - } - return Result.err(Status.ERR_Denied, "%s may not %s %s", user, access, - ns_and_type); - } - - - /** - * isGranted - * - * Important function - Check internal Permission Schemes for Permission to - * do things - * - * @param trans - * @param type - * @param instance - * @param action - * @return - */ - public boolean isGranted(AuthzTrans trans, String user, String ns, String type,String instance, String action) { - Result> perms = getPermsByUser(trans, user, false); - if (perms.isOK()) { - for (PermDAO.Data pd : perms.value) { - if (ns.equals(pd.ns)) { - if (type.equals(pd.type)) { - if (PermEval.evalInstance(pd.instance, instance)) { - if(PermEval.evalAction(pd.action, action)) { // don't return action here, might miss other action - return true; - } - } - } - } - } - } - return false; - } - - public Result doesUserCredMatch(AuthzTrans trans, String user, byte[] cred) throws DAOException { - Result> result; - TimeTaken tt = trans.start("Read DB Cred", Env.REMOTE); - try { - result = credDAO.readID(trans, user); - } finally { - tt.done(); - } - - Result rv = null; - if(result.isOK()) { - if (result.isEmpty()) { - rv = Result.err(Status.ERR_UserNotFound, user); - if (willSpecialLog(trans,user)) { - trans.audit().log("Special DEBUG:", user, " does not exist in DB"); - } - } else { - Date now = new Date();//long now = System.currentTimeMillis(); - ByteBuffer md5=null; - - // Bug noticed 6/22. Sorting on the result can cause Concurrency Issues. - List cddl; - if(result.value.size() > 1) { - cddl = new ArrayList(result.value.size()); - for(CredDAO.Data old : result.value) { - if(old.type==CredDAO.BASIC_AUTH || old.type==CredDAO.BASIC_AUTH_SHA256) { - cddl.add(old); - } - } - if(cddl.size()>1) { - Collections.sort(cddl,new Comparator() { - @Override - public int compare(org.onap.aaf.dao.aaf.cass.CredDAO.Data a, - org.onap.aaf.dao.aaf.cass.CredDAO.Data b) { - return b.expires.compareTo(a.expires); - } - }); - } - } else { - cddl = result.value; - } - - for (CredDAO.Data cdd : cddl) { - if (cdd.expires.after(now)) { - try { - switch(cdd.type) { - case CredDAO.BASIC_AUTH: - if(md5==null) { - md5=ByteBuffer.wrap(Hash.encryptMD5(cred)); - } - if(md5.compareTo(cdd.cred)==0) { - return Result.ok(cdd.expires); - } else if (willSpecialLog(trans,user)) { - trans.audit().log("Special DEBUG:", user, "Client sent: ", trans.encryptor().encrypt(new String(cred)) ,cdd.expires); - } - break; - case CredDAO.BASIC_AUTH_SHA256: - ByteBuffer bb = ByteBuffer.allocate(Integer.SIZE + cred.length); - bb.putInt(cdd.other); - bb.put(cred); - byte[] hash = Hash.hashSHA256(bb.array()); - - ByteBuffer sha256 = ByteBuffer.wrap(hash); - if(sha256.compareTo(cdd.cred)==0) { - return Result.ok(cdd.expires); - } else if (willSpecialLog(trans,user)) { - trans.audit().log("Special DEBUG:", user, "Client sent: ", trans.encryptor().encrypt(new String(cred)) ,cdd.expires); - } - break; - default: - trans.error().log("Unknown Credential Type %s for %s, %s",Integer.toString(cdd.type),cdd.id, Chrono.dateTime(cdd.expires)); - } - } catch (NoSuchAlgorithmException e) { - trans.error().log(e); - } - } else { - rv = Result.err(Status.ERR_Security, - "Credentials expired " + cdd.expires.toString()); - } - } // end for each - } - } else { - return Result.err(result); - } - return rv == null ? Result.create((Date) null, Status.ERR_Security, - "Wrong credential") : rv; - } - - - public Result userCredSetup(AuthzTrans trans, CredDAO.Data cred) { - if(cred.type==CredDAO.RAW) { - TimeTaken tt = trans.start("Hash Cred", Env.SUB); - try { - cred.type = CredDAO.BASIC_AUTH_SHA256; - cred.other = random.nextInt(); - ByteBuffer bb = ByteBuffer.allocate(Integer.SIZE + cred.cred.capacity()); - bb.putInt(cred.other); - bb.put(cred.cred); - byte[] hash = Hash.hashSHA256(bb.array()); - cred.cred = ByteBuffer.wrap(hash); - return Result.ok(cred); - } catch (NoSuchAlgorithmException e) { - return Result.err(Status.ERR_General,e.getLocalizedMessage()); - } finally { - tt.done(); - } - - } - return Result.err(Status.ERR_Security,"invalid/unreadable credential"); - } - - - public static final String APPROVED = "APPROVE"; - public static final String REJECT = "REJECT"; - public static final String PENDING = "PENDING"; - - public Result canAddUser(AuthzTrans trans, UserRoleDAO.Data data, - List approvals) { - // get the approval policy for the organization - - // get the list of approvals with an accept status - - // validate the approvals against the policy - - // for now check if all approvals are received and return - // SUCCESS/FAILURE/SKIP - boolean bReject = false; - boolean bPending = false; - - for (ApprovalDAO.Data approval : approvals) { - if (approval.status.equals(REJECT)) { - bReject = true; - } else if (approval.status.equals(PENDING)) { - bPending = true; - } - } - if (bReject) { - return Result.err(Status.ERR_Policy, - "Approval Polocy not conformed"); - } - if (bPending) { - return Result.err(Status.ERR_ActionNotCompleted, - "Required Approvals not received"); - } - - return Result.ok(); - } - - private static final String NO_CACHE_NAME = "No Cache Data named %s"; - - public Result clearCache(AuthzTrans trans, String cname) { - boolean all = "all".equals(cname); - Result rv = null; - - if (all || NsDAO.TABLE.equals(cname)) { - int seg[] = series(NsDAO.CACHE_SEG); - for(int i: seg) {cacheClear(trans, NsDAO.TABLE,i);} - rv = cacheInfoDAO.touch(trans, NsDAO.TABLE, seg); - } - if (all || PermDAO.TABLE.equals(cname)) { - int seg[] = series(NsDAO.CACHE_SEG); - for(int i: seg) {cacheClear(trans, PermDAO.TABLE,i);} - rv = cacheInfoDAO.touch(trans, PermDAO.TABLE,seg); - } - if (all || RoleDAO.TABLE.equals(cname)) { - int seg[] = series(NsDAO.CACHE_SEG); - for(int i: seg) {cacheClear(trans, RoleDAO.TABLE,i);} - rv = cacheInfoDAO.touch(trans, RoleDAO.TABLE,seg); - } - if (all || UserRoleDAO.TABLE.equals(cname)) { - int seg[] = series(NsDAO.CACHE_SEG); - for(int i: seg) {cacheClear(trans, UserRoleDAO.TABLE,i);} - rv = cacheInfoDAO.touch(trans, UserRoleDAO.TABLE,seg); - } - if (all || CredDAO.TABLE.equals(cname)) { - int seg[] = series(NsDAO.CACHE_SEG); - for(int i: seg) {cacheClear(trans, CredDAO.TABLE,i);} - rv = cacheInfoDAO.touch(trans, CredDAO.TABLE,seg); - } - if (all || CertDAO.TABLE.equals(cname)) { - int seg[] = series(NsDAO.CACHE_SEG); - for(int i: seg) {cacheClear(trans, CertDAO.TABLE,i);} - rv = cacheInfoDAO.touch(trans, CertDAO.TABLE,seg); - } - - if (rv == null) { - rv = Result.err(Status.ERR_BadData, NO_CACHE_NAME, cname); - } - return rv; - } - - public Result cacheClear(AuthzTrans trans, String cname,Integer segment) { - Result rv; - if (NsDAO.TABLE.equals(cname)) { - rv = nsDAO.invalidate(segment); - } else if (PermDAO.TABLE.equals(cname)) { - rv = permDAO.invalidate(segment); - } else if (RoleDAO.TABLE.equals(cname)) { - rv = roleDAO.invalidate(segment); - } else if (UserRoleDAO.TABLE.equals(cname)) { - rv = userRoleDAO.invalidate(segment); - } else if (CredDAO.TABLE.equals(cname)) { - rv = credDAO.invalidate(segment); - } else if (CertDAO.TABLE.equals(cname)) { - rv = certDAO.invalidate(segment); - } else { - rv = Result.err(Status.ERR_BadData, NO_CACHE_NAME, cname); - } - return rv; - } - - private int[] series(int max) { - int[] series = new int[max]; - for (int i = 0; i < max; ++i) - series[i] = i; - return series; - } - - public boolean isDelegated(AuthzTrans trans, String user, String approver) { - Result> userDelegatedFor = delegateDAO - .readByDelegate(trans, user); - for (DelegateDAO.Data curr : userDelegatedFor.value) { - if (curr.user.equals(approver) && curr.delegate.equals(user) - && curr.expires.after(new Date())) { - return true; - } - } - return false; - } - - public static boolean willSpecialLog(AuthzTrans trans, String user) { - Boolean b = trans.get(specialLogSlot, null); - if(b==null) { - if(specialLog==null) { - return false; - } else { - b = specialLog.contains(user); - trans.put(specialLogSlot, b); - } - } - return b; - } - - public static void logEncryptTrace(AuthzTrans trans, String data) { - long ti; - trans.put(transIDSlot, ti=nextTraceID()); - trans.trace().log("id="+Long.toHexString(ti)+",data=\""+trans.env().encryptor().encrypt(data)+'"'); - } - - private synchronized static long nextTraceID() { - return ++traceID; - } - - public static synchronized boolean specialLogOn(AuthzTrans trans, String id) { - if (specialLog == null) { - specialLog = new HashSet(); - } - boolean rc = specialLog.add(id); - if(rc) { - trans.trace().log("Trace on for",id); - } - return rc; - } - - public static synchronized boolean specialLogOff(AuthzTrans trans, String id) { - if(specialLog==null) { - return false; - } - boolean rv = specialLog.remove(id); - if (specialLog.isEmpty()) { - specialLog = null; - } - if(rv) { - trans.trace().log("Trace off for",id); - } - return rv; - } - - /** - * canMove - * Which Types can be moved - * @param nsType - * @return - */ - public boolean canMove(NsType nsType) { - boolean rv; - switch(nsType) { - case DOT: - case ROOT: - case COMPANY: - case UNKNOWN: - rv = false; - break; - default: - rv = true; - } - return rv; - } - - public Result isOwnerSponsor(AuthzTrans trans, String user, String ns, Identity mechID) { - - Identity caller; - Organization org = trans.org(); - try { - caller = org.getIdentity(trans, user); - if(caller==null || !caller.isFound()) { - return Result.err(Status.ERR_NotFound,"%s is not a registered %s entity",user,org.getName()); - } - } catch (Exception e) { - return Result.err(e); - } - String sponsor = mechID.responsibleTo(); - Result> rur = userRoleDAO.read(trans, user,ns+DOT_OWNER); - boolean isOwner = false; - if(rur.isOKhasData()) {for(UserRoleDAO.Data urdd : rur.value){ - if(urdd.expires.after(new Date())) { - isOwner = true; - } - }}; - if(!isOwner) { - return Result.err(Status.ERR_Policy,"%s is not a current owner of %s",user,ns); - } - - if(!caller.id().equals(sponsor)) { - return Result.err(Status.ERR_Denied,"%s is not the sponsor of %s",user,mechID.id()); - } - return Result.ok(sponsor); - } - - public boolean isAdmin(AuthzTrans trans, String user, String ns) { - Date now = new Date(); - Result> rur = userRoleDAO.read(trans, user,ns+ADMIN); - if(rur.isOKhasData()) {for(UserRoleDAO.Data urdd : rur.value){ - if(urdd.expires.after(now)) { - return true; - } - }}; - return false; - } - - public boolean isOwner(AuthzTrans trans, String user, String ns) { - Result> rur = userRoleDAO.read(trans, user,ns+DOT_OWNER); - Date now = new Date(); - if(rur.isOKhasData()) {for(UserRoleDAO.Data urdd : rur.value){ - if(urdd.expires.after(now)) { - return true; - } - }}; - return false; - } - - public int countOwner(AuthzTrans trans, String user, String ns) { - Result> rur = userRoleDAO.read(trans, user,ns+DOT_OWNER); - Date now = new Date(); - int count = 0; - if(rur.isOKhasData()) {for(UserRoleDAO.Data urdd : rur.value){ - if(urdd.expires.after(now)) { - ++count; - } - }}; - return count; - } - -} diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/session/SessionFilter.java b/authz-cass/src/main/java/org/onap/aaf/dao/session/SessionFilter.java deleted file mode 100644 index 9e604438..00000000 --- a/authz-cass/src/main/java/org/onap/aaf/dao/session/SessionFilter.java +++ /dev/null @@ -1,142 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.session; - -import java.io.IOException; - -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; - -import org.onap.aaf.cssa.rserv.TransFilter; - -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.EnvStore; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TransStore; -import org.onap.aaf.inno.env.util.Pool; -import org.onap.aaf.inno.env.util.Pool.Creator; -import org.onap.aaf.inno.env.util.Pool.Pooled; -import com.datastax.driver.core.Cluster; -import com.datastax.driver.core.Session; - -public class SessionFilter implements Filter { - public static final String SESSION_SLOT = "__SESSION__"; - private static Slot sessionSlot; - private static Pool pool; - - public SessionFilter(EnvStore env, Cluster cluster, String keyspace) { - synchronized(env) { - if(sessionSlot==null) { - sessionSlot = env.slot(SESSION_SLOT); - } - if(pool==null) { - pool = new Pool(new SessionCreator(env,cluster,keyspace)); - } - } - } - - @Override - public void init(FilterConfig fc) throws ServletException { - // Session does not need any sort of configuration from Filter - } - - @Override - public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { - @SuppressWarnings("unchecked") - TRANS trans = (TRANS)req.getAttribute(TransFilter.TRANS_TAG); - try { - Pooled psess = pool.get(); - try { - trans.put(sessionSlot, psess.content); - chain.doFilter(req, resp); - } finally { - psess.done(); - } - } catch (APIException e) { - throw new ServletException(e); - } - } - - public Pooled load(TRANS trans) throws APIException { - Pooled psess = pool.get(); - trans.put(sessionSlot, psess.content); - return psess; - } - - - /** - * Clear will drain the pool, so that new Sessions will be constructed. - * - * Suitable for Management calls. - */ - public static void clear() { - if(pool!=null) { - pool.drain(); - } - } - - @Override - public void destroy() { - pool.drain(); - } - - private class SessionCreator implements Creator { - private Cluster cluster; - private String keyspace; - private Env env; - - public SessionCreator(Env env, Cluster cluster, String keyspace) { - this.cluster = cluster; - this.keyspace = keyspace; - this.env = env; - } - - @Override - public Session create() throws APIException { - env.info().log("Creating a Cassandra Session"); - return cluster.connect(keyspace); - } - - @Override - public void destroy(Session t) { - env.info().log("Shutting down a Cassandra Session"); - t.close(); - } - - @Override - public boolean isValid(Session t) { - return true; - } - - @Override - public void reuse(Session t) { - // Nothing is needed to reuse this Session - } - - } -} diff --git a/authz-cass/src/test/java/org/onap/aaf/authz/cass/hl/JU_Question.java b/authz-cass/src/test/java/org/onap/aaf/authz/cass/hl/JU_Question.java deleted file mode 100644 index 86bc1ab3..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/authz/cass/hl/JU_Question.java +++ /dev/null @@ -1,500 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.cass.hl; - -import static junit.framework.Assert.assertEquals; -import static junit.framework.Assert.assertFalse; -import static junit.framework.Assert.assertTrue; - -import java.security.Principal; -import java.util.ArrayList; -import java.util.Date; -import java.util.List; - -import org.junit.AfterClass; -import org.junit.BeforeClass; -import org.junit.Test; -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.aaf.cass.NsDAO; -import org.onap.aaf.dao.aaf.cass.PermDAO; -import org.onap.aaf.dao.aaf.cass.RoleDAO; -import org.onap.aaf.dao.aaf.cass.UserRoleDAO; -import org.onap.aaf.dao.aaf.cass.NsDAO.Data; -import org.onap.aaf.dao.aaf.hl.Question; -import org.onap.aaf.dao.aaf.hl.Question.Access; -import org.onap.aaf.dao.aaf.test.AbsJUCass; - -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.TimeTaken; - -public class JU_Question extends AbsJUCass { - - private static final int EXPIRES_IN = 60000000; - private static final String COM_TEST_JU = "com.test.ju_question"; - private static final String JU9999_JU_TEST_COM = "ju9999@ju.test.com"; - private static final String JU9998_JU_TEST_COM = "ju9998@ju.test.com"; - private static final String READ = "read"; - private static final int NFR_1 = 80; - private static final int NFR_2 = 4000; - private static final int ROLE_LEVEL1 = 1000; - private static final int PERM_LEVEL1 = 1000; -// private static final int PERM_LEVEL2 = 20; - private static Question q; - private static NsDAO.Data ndd; - - @BeforeClass - public static void startupBeforeClass() throws Exception { - details=false; - AuthzTrans trans = env.newTransNoAvg(); - q = new Question(trans,cluster,AUTHZ, false); - ndd = new NsDAO.Data(); - ndd.name=COM_TEST_JU; - ndd.type=3; // app - ndd.parent="com.test"; - ndd.description="Temporary Namespace for JU_Question"; - q.nsDAO.create(trans, ndd); - } - - @AfterClass - public static void endAfterClass() throws Exception { - q.nsDAO.delete(trans, ndd,false); - } -// @Test - public void mayUserRead_EmptyPerm() { - PermDAO.Data pdd = new PermDAO.Data(); - Result result = q.mayUser(trans,JU9999_JU_TEST_COM,pdd,Access.read); - assertFalse(result.isOK()); - } - -// @Test - public void mayUserRead_OnePermNotExist() { - Result result = q.mayUser(trans,JU9999_JU_TEST_COM,newPerm(0,0,READ),Access.read); - assertFalse(result.isOK()); - assertEquals("Denied - ["+ JU9999_JU_TEST_COM +"] may not read Perm [" + COM_TEST_JU + ".myPerm0|myInstance0|read]",result.errorString()); - } - -// @Test - public void mayUserRead_OnePermExistDenied() { - PermDAO.Data perm = newPerm(0,0,READ); - q.permDAO.create(trans,perm); - try { - Result result; - TimeTaken tt = trans.start("q.mayUser...", Env.SUB); - try { - result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read); - } finally { - tt.done(); - assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis() result; - TimeTaken tt = trans.start("q.mayUser...", Env.SUB); - try { - result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read); - } finally { - tt.done(); - assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()> pres; - TimeTaken tt = trans.start("q.getPerms...", Env.SUB); - try { - pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9999_JU_TEST_COM); - } finally { - tt.done(); - trans.info().log("filter_OnePermOneRleExistOK",tt); - assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis() lrole = new ArrayList(); - List lur = new ArrayList(); - try { - q.permDAO.create(trans,perm); - for(int i=0;i result; - TimeTaken tt = trans.start("mayUserRead_OnePermMultiRoleExistOK", Env.SUB); - try { - result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read); - } finally { - tt.done(); - env.info().log(tt,ROLE_LEVEL1,"iterations"); - assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis() lperm = new ArrayList(); - try { - for(int i=0;i result; - TimeTaken tt = trans.start("mayUserRead_MultiPermOneRoleExistOK", Env.SUB); - try { - result = q.mayUser(trans,JU9999_JU_TEST_COM,lperm.get(PERM_LEVEL1-1),Access.read); - } finally { - tt.done(); - env.info().log(tt,PERM_LEVEL1,"iterations"); - assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis() lperm = new ArrayList(); -// List lrole = new ArrayList(); -// List lur = new ArrayList(); -// -// try { -// RoleDAO.Data role; -// UserRoleDAO.Data ur; -// for(int i=0;i result; -// TimeTaken tt = trans.start("mayUserRead_MultiPermMultiRoleExistOK", Env.SUB); -// try { -// result = q.mayUser(trans,JU9999_JU_TEST_COM,lperm.get(ROLE_LEVEL1*PERM_LEVEL2-1),Access.read); -// } finally { -// tt.done(); -// env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role"); -// assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis() lperm = new ArrayList(); - List lrole = new ArrayList(); - List lur = new ArrayList(); - load(roleLevel, permLevel, lperm,lrole,lur); - - - Result> pres; - trans.setUser(new Principal() { - @Override - public String getName() { - return JU9999_JU_TEST_COM; - } - }); - - try { - TimeTaken group = trans.start(" Original Security Method (1st time)", Env.SUB); - try { - TimeTaken tt = trans.start(" Get User Perms for "+JU9998_JU_TEST_COM, Env.SUB); - try { - pres = q.getPermsByUser(trans,JU9998_JU_TEST_COM,true); - } finally { - tt.done(); - env.info().log(tt," Looked up (full) getPermsByUser for",JU9998_JU_TEST_COM); - } - assertTrue(pres.isOK()); - tt = trans.start(" q.mayUser", Env.SUB); - List reduced = new ArrayList(); - - try { - for(PermDAO.Data p : pres.value) { - Result r = q.mayUser(trans,JU9999_JU_TEST_COM,p,Access.read); - if(r.isOK()) { - reduced.add(p); - } - } - } finally { - tt.done(); - env.info().log(tt," reduced" + pres.value.size(),"perms","to",reduced.size()); - // assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis() lperm = new ArrayList(); - List lrole = new ArrayList(); - List lur = new ArrayList(); - load(roleLevel, permLevel, lperm,lrole,lur); - - try { - - Result> pres; - TimeTaken tt = trans.start(" mayUserRead_MultiPermMultiRoleExist_New New Filter", Env.SUB); - try { - pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM); - } finally { - tt.done(); - env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role", lur.size(), "UserRoles"); -// assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis() lperm , List lrole, List lur) { - RoleDAO.Data role; - UserRoleDAO.Data ur; - PermDAO.Data perm; - - int onethirdR=roleLevel/3; - int twothirdR=onethirdR*2; - int onethirdP=permLevel/3; - int twothirdP=onethirdP*2; - - for(int i=0;i lperm , List lrole, List lur) { - for(PermDAO.Data perm : lperm) { - q.permDAO.delete(trans, perm, false); - } - for(RoleDAO.Data role : lrole) { - q.roleDAO.delete(trans, role, false); - } - for(UserRoleDAO.Data ur : lur) { - q.userRoleDAO.delete(trans, ur, false); - } - - } - private PermDAO.Data newPerm(int permNum, int instNum, String action, RoleDAO.Data ... grant) { - PermDAO.Data pdd = new PermDAO.Data(); - pdd.ns=COM_TEST_JU; - pdd.type="myPerm"+permNum; - pdd.instance="myInstance"+instNum; - pdd.action=action; - for(RoleDAO.Data r : grant) { - pdd.roles(true).add(r.fullName()); - r.perms(true).add(pdd.encode()); - } - return pdd; - } - - private RoleDAO.Data newRole(int roleNum, PermDAO.Data ... grant) { - RoleDAO.Data rdd = new RoleDAO.Data(); - rdd.ns = COM_TEST_JU+roleNum; - rdd.name = "myRole"+roleNum; - for(PermDAO.Data p : grant) { - rdd.perms(true).add(p.encode()); - p.roles(true).add(rdd.fullName()); - } - return rdd; - } - - private UserRoleDAO.Data newUserRole(RoleDAO.Data role,String user, long offset) { - UserRoleDAO.Data urd = new UserRoleDAO.Data(); - urd.user=user; - urd.role(role); - urd.expires=new Date(System.currentTimeMillis()+offset); - return urd; - } - - -} diff --git a/authz-cass/src/test/java/org/onap/aaf/dao/JU_Cached.java b/authz-cass/src/test/java/org/onap/aaf/dao/JU_Cached.java deleted file mode 100644 index aa0785a4..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/dao/JU_Cached.java +++ /dev/null @@ -1,127 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao; - -import static org.junit.Assert.*; - -import java.util.Date; -import java.util.List; -import java.util.Map; -import java.util.Timer; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.Mock; -import org.onap.aaf.authz.env.AuthzEnv; -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.cache.Cache; -import org.onap.aaf.cache.Cache.Dated; -import org.onap.aaf.dao.CIDAO; -import org.onap.aaf.dao.Cached; -import org.onap.aaf.dao.Cached.Getter; -import org.powermock.modules.junit4.PowerMockRunner; - -//import org.onap.aaf.dao.Cached.Refresh; -import org.onap.aaf.inno.env.Trans; - -@RunWith(PowerMockRunner.class) -public class JU_Cached { - Cached cached; - @Mock - CIDAO ciDaoMock; - @Mock - AuthzEnv authzEnvMock; - @Mock - CIDAO cidaoATMock; - - String name = "nameString"; - - @Before - public void setUp(){ - cached = new Cached(ciDaoMock, name, 0); - } - - @Test(expected=ArithmeticException.class) - public void testCachedIdx(){ - int Result = cached.cacheIdx("1234567890"); - } - - @Test(expected=ArithmeticException.class) - public void testInvalidate(){ - int Res = cached.invalidate(name); - } - - @SuppressWarnings("static-access") - @Test - public void testStopTimer(){ - cached.stopTimer(); - assertTrue(true); - } - - @SuppressWarnings("static-access") - @Test - public void testStartRefresh(){ - cached.startRefresh(authzEnvMock, cidaoATMock); - assertTrue(true); - } -// @Mock -// Trans transMock; -// @Mock -// Getter getterMock; -// -// @Test -// public void testGet(){ -// cached.get(transMock, name, getterMock); -// fail("not implemented"); -// } -// -// @SuppressWarnings("unchecked") -// public Result> get(TRANS trans, String key, Getter getter) { -// List ld = null; -// Result> rld = null; -// -// int cacheIdx = cacheIdx(key); -// Map map = ((Map)cache[cacheIdx]); -// -// // Check for saved element in cache -// Dated cached = map.get(key); -// // Note: These Segment Timestamps are kept up to date with DB -// Date dbStamp = info.get(trans, name,cacheIdx); -// -// // Check for cache Entry and whether it is still good (a good Cache Entry is same or after DBEntry, so we use "before" syntax) -// if(cached!=null && dbStamp.before(cached.timestamp)) { -// ld = (List)cached.data; -// rld = Result.ok(ld); -// } else { -// rld = getter.get(); -// if(rld.isOK()) { // only store valid lists -// map.put(key, new Dated(rld.value)); // successful item found gets put in cache -//// } else if(rld.status == Result.ERR_Backend){ -//// map.remove(key); -// } -// } -// return rld; -// } -} diff --git a/authz-cass/src/test/java/org/onap/aaf/dao/JU_CachedDAO.java b/authz-cass/src/test/java/org/onap/aaf/dao/JU_CachedDAO.java deleted file mode 100644 index 3bb78d29..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/dao/JU_CachedDAO.java +++ /dev/null @@ -1,66 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao; - -import static org.junit.Assert.*; - -import java.util.ArrayList; -import java.util.List; - -import org.junit.Assert; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.Mock; -import org.onap.aaf.dao.CIDAO; -import org.onap.aaf.dao.CachedDAO; -import org.onap.aaf.dao.DAO; -import org.powermock.modules.junit4.PowerMockRunner; - -import org.onap.aaf.inno.env.Trans; - -@RunWith(PowerMockRunner.class) -public class JU_CachedDAO { - CachedDAO cachedDAO; - @Mock - DAO daoMock; - @Mock - CIDAO ciDAOMock; - int segsize=1; - Object[ ] objs = new Object[2]; - - @Before - public void setUp(){ - objs[0] = "helo"; - objs[1] = "polo"; - cachedDAO = new CachedDAO(daoMock, ciDAOMock, segsize); - } - - @Test - public void testKeyFromObjs(){ - String result = cachedDAO.keyFromObjs(objs); - System.out.println("value of resut " +result); - assertTrue(true); - } - -} diff --git a/authz-cass/src/test/java/org/onap/aaf/dao/JU_CassAccess.java b/authz-cass/src/test/java/org/onap/aaf/dao/JU_CassAccess.java deleted file mode 100644 index 41443fb3..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/dao/JU_CassAccess.java +++ /dev/null @@ -1,74 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao; - -import static org.junit.Assert.*; - -import java.io.IOException; -import java.util.ArrayList; -import java.util.List; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.Mock; -import org.onap.aaf.dao.CassAccess; -import org.powermock.modules.junit4.PowerMockRunner; - -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -//import org.onap.aaf.dao.CassAccess.Resettable; -import com.datastax.driver.core.Cluster.Builder; - -@RunWith(PowerMockRunner.class) -public class JU_CassAccess { - CassAccess cassAccess; - - public static final String KEYSPACE = "authz"; - public static final String CASSANDRA_CLUSTERS = "cassandra.clusters"; - public static final String CASSANDRA_CLUSTERS_PORT = "cassandra.clusters.port"; - public static final String CASSANDRA_CLUSTERS_USER_NAME = "cassandra.clusters.user"; - public static final String CASSANDRA_CLUSTERS_PASSWORD = "cassandra.clusters.password"; - public static final String CASSANDRA_RESET_EXCEPTIONS = "cassandra.reset.exceptions"; - public static final String LATITUDE = "LATITUDE"; - public static final String LONGITUDE = "LONGITUDE"; - //private static final List resetExceptions = new ArrayList(); - public static final String ERR_ACCESS_MSG = "Accessing Backend"; - private static Builder cb = null; - @Mock - Env envMock; - String prefix=null; - - @Before - public void setUp(){ - cassAccess = new CassAccess(); - } - - - @Test(expected=APIException.class) - public void testCluster() throws APIException, IOException { - cassAccess.cluster(envMock, prefix); - - } - -} diff --git a/authz-cass/src/test/java/org/onap/aaf/dao/JU_CassDAOImpl.java b/authz-cass/src/test/java/org/onap/aaf/dao/JU_CassDAOImpl.java deleted file mode 100644 index 34106e26..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/dao/JU_CassDAOImpl.java +++ /dev/null @@ -1,97 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao; - -import static org.junit.Assert.*; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.Mock; -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.dao.CassDAOImpl; -import org.onap.aaf.dao.Loader; -import org.powermock.api.mockito.PowerMockito; -import org.powermock.modules.junit4.PowerMockRunner; - -import org.onap.aaf.inno.env.Data; -import org.onap.aaf.inno.env.Trans; -import org.onap.aaf.inno.env.TransStore; -import com.datastax.driver.core.Cluster; -import com.datastax.driver.core.ConsistencyLevel; - -@RunWith(PowerMockRunner.class) -public class JU_CassDAOImpl { - -public static final String CASS_READ_CONSISTENCY="cassandra.readConsistency"; -public static final String CASS_WRITE_CONSISTENCY="cassandra.writeConsistency"; - -CassDAOImpl cassDAOImpl; - - -@Mock -TransStore transStoreMock; -@SuppressWarnings("rawtypes") -Class dcMock; -@SuppressWarnings("rawtypes") -Loader loaderMock; -Cluster clusterMock; -Class classDataMock; -ConsistencyLevel consistencyLevelMock; -Trans transMock; - -@Mock -AuthzTrans authzTransMock; - - - - @SuppressWarnings({ "rawtypes", "unchecked" }) - @Before - public void setUp() - { - String name = "name"; - String keySpace = "keySpace"; - String table = "table"; - cassDAOImpl = new CassDAOImpl(transStoreMock, name, clusterMock, keySpace, classDataMock, table, consistencyLevelMock, consistencyLevelMock); - } - - - @Test - public void testReadConsistency() { - String table = "users"; - PowerMockito.when(authzTransMock.getProperty(CASS_READ_CONSISTENCY+'.'+table)).thenReturn("TWO"); - ConsistencyLevel consistencyLevel = cassDAOImpl.readConsistency(authzTransMock, table); - System.out.println("Consistency level" + consistencyLevel.name()); - assertEquals("TWO", consistencyLevel.name()); - } - - @Test - public void testWriteConsistency() { - String table = "users"; - PowerMockito.when(authzTransMock.getProperty(CASS_WRITE_CONSISTENCY+'.'+table)).thenReturn(null); - ConsistencyLevel consistencyLevel = cassDAOImpl.writeConsistency(authzTransMock, table); - System.out.println("Consistency level" + consistencyLevel.name()); - assertEquals("ONE", consistencyLevel.name()); - } - -} diff --git a/authz-cass/src/test/java/org/onap/aaf/dao/JU_DAOException.java b/authz-cass/src/test/java/org/onap/aaf/dao/JU_DAOException.java deleted file mode 100644 index 4c3b11c7..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/dao/JU_DAOException.java +++ /dev/null @@ -1,50 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao; - -import static org.junit.Assert.*; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.onap.aaf.dao.DAOException; -import org.powermock.api.mockito.PowerMockito; -import org.powermock.modules.junit4.PowerMockRunner; - -@RunWith(PowerMockRunner.class) -public class JU_DAOException { -DAOException daoException; - - //DAOException daoException = new DAOException(); - String message = "message"; - Throwable cause; - @Before - public void setUp(){ - daoException = new DAOException(); - } - - @Test - public void test(){ - assertTrue(true); - } -} diff --git a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/AbsJUCass.java b/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/AbsJUCass.java deleted file mode 100644 index 887f88b2..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/AbsJUCass.java +++ /dev/null @@ -1,200 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.test; - -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.net.URL; -import java.security.NoSuchAlgorithmException; -import java.util.Properties; - -import org.junit.After; -import org.junit.AfterClass; -import org.junit.Before; -import org.junit.BeforeClass; -import org.onap.aaf.authz.env.AuthzEnv; -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.dao.CassAccess; -import org.onap.aaf.dao.CassDAOImpl; - -import org.onap.aaf.cadi.Hash; -import org.onap.aaf.cadi.Symm; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Trans.Metric; -import com.datastax.driver.core.Cluster; - -import junit.framework.Assert; - -/** - * Do Setup of Cassandra for Cassandra JUnit Testing - * - * - */ -public class AbsJUCass { - protected static final String AUTHZ = "authz"; - protected static Cluster cluster; - protected static AuthzEnv env; - protected static int iterations = 0; - protected static float totals=0.0f; - protected static float remote = 0.0f; - protected static float json = 0.0f; - protected static AuthzTrans trans; - protected static boolean details = true; - - @BeforeClass - public static void startup() throws APIException, IOException { - synchronized(AUTHZ) { - if(env==null) { - final String resource = "cadi.properties"; - File f = new File("etc" + resource); - InputStream is=null; - Properties props = new Properties(); - try { - if(f.exists()) { - is = new FileInputStream(f); - } else { - URL rsrc = ClassLoader.getSystemResource(resource); - is = rsrc.openStream(); - } - props.load(is); - } finally { - if(is==null) { - env= new AuthzEnv(); - Assert.fail(resource + " must exist in etc dir, or in Classpath"); - } - is.close(); - } - env = new AuthzEnv(props); - } - } - cluster = CassAccess.cluster(env,"LOCAL"); - - env.info().log("Connecting to Cluster"); - try { - cluster.connect(AUTHZ); - } catch(Exception e) { - cluster=null; - env.error().log(e); - Assert.fail("Not able to connect to DB: " + e.getLocalizedMessage()); - } - env.info().log("Connected"); - - // Load special data here - - // WebPhone - env.setProperty("java.naming.provider.url","ldap://ldap.webphone.att.com:389"); - env.setProperty("com.sun.jndi.ldap.connect.pool","true"); - - iterations = 0; - - } - - @AfterClass - public static void shutdown() { - if(cluster!=null) { - cluster.close(); - cluster = null; - } - } - - @Before - public void newTrans() { - trans = env.newTrans(); - - trans.setProperty(CassDAOImpl.USER_NAME, System.getProperty("user.name")); - } - - @After - public void auditTrail() { - if(totals==0) { // "updateTotals()" was not called... just do one Trans - StringBuilder sb = new StringBuilder(); - Metric metric = trans.auditTrail(4, sb, Env.JSON, Env.REMOTE); - if(details) { - env.info().log( - sb, - "Total time:", - totals += metric.total, - "JSON time: ", - metric.buckets[0], - "REMOTE time: ", - metric.buckets[1] - ); - } else { - totals += metric.total; - } - } - } - - protected void updateTotals() { - Metric metric = trans.auditTrail(0, null, Env.JSON, Env.REMOTE); - totals+=metric.total; - json +=metric.buckets[0]; - remote+=metric.buckets[1]; - } - - - @AfterClass - public static void print() { - float transTime; - if(iterations==0) { - transTime=totals; - } else { - transTime=totals/iterations; - } - env.info().log( - "Total time:", - totals, - "JSON time:", - json, - "REMOTE time:", - remote, - "Iterations:", - iterations, - "Transaction time:", - transTime - ); - } - - /** - * Take a User/Pass and turn into an MD5 Hashed BasicAuth - * - * @param user - * @param pass - * @return - * @throws IOException - * @throws NoSuchAlgorithmException - */ - public static byte[] userPassToBytes(String user, String pass) - throws IOException, NoSuchAlgorithmException { - // Take the form of BasicAuth, so as to allow any character in Password - // (this is an issue in 1.0) - // Also, it makes it quicker to evaluate Basic Auth direct questions - String ba = Symm.base64url.encode(user + ':' + pass); - // Take MD5 Hash, so that data in DB can't be reversed out. - return Hash.encryptMD5(ba.getBytes()); - } - -} diff --git a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_ApprovalDAO.java b/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_ApprovalDAO.java deleted file mode 100644 index 46720c37..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_ApprovalDAO.java +++ /dev/null @@ -1,147 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.test; - - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotSame; -import static org.junit.Assert.assertTrue; - -import java.util.Date; -import java.util.List; -import java.util.UUID; - -import org.junit.Test; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.aaf.cass.ApprovalDAO; -import org.onap.aaf.dao.aaf.cass.ApprovalDAO.Data; - -public class JU_ApprovalDAO extends AbsJUCass { - @Test - public void testCRUD() throws Exception { - ApprovalDAO rrDAO = new ApprovalDAO(trans, cluster, AUTHZ); - ApprovalDAO.Data data = new ApprovalDAO.Data(); - - data.ticket = UUID.randomUUID(); // normally, read from Future object - data.user = "testid@test.com"; - data.approver = "mySuper@att.com"; - data.type = "supervisor"; - data.status = "pending"; - data.operation = "C"; - data.updated = new Date(); - - try { - // Test create - rrDAO.create(trans, data); - - // Test Read by Ticket - Result> rlad; - rlad = rrDAO.readByTicket(trans, data.ticket); - assertTrue(rlad.isOK()); - assertEquals(1,rlad.value.size()); - compare(data,rlad.value.get(0)); - - // Hold onto original ID for deletion, and read tests - UUID id = rlad.value.get(0).id; - - try { - // Test Read by User - rlad = rrDAO.readByUser(trans, data.user); - assertTrue(rlad.isOKhasData()); - boolean ok = false; - for(ApprovalDAO.Data a : rlad.value) { - if(a.id.equals(id)) { - ok = true; - compare(data,a); - } - } - assertTrue(ok); - - // Test Read by Approver - rlad = rrDAO.readByApprover(trans, data.approver); - assertTrue(rlad.isOKhasData()); - ok = false; - for(ApprovalDAO.Data a : rlad.value) { - if(a.id.equals(id)) { - ok = true; - compare(data,a); - } - } - assertTrue(ok); - - // Test Read by ID - rlad = rrDAO.read(trans, id); - assertTrue(rlad.isOKhasData()); - ok = false; - for(ApprovalDAO.Data a : rlad.value) { - if(a.id.equals(id)) { - ok = true; - compare(data,a); - } - } - assertTrue(ok); - - // Test Update - data.status = "approved"; - data.id = id; - assertTrue(rrDAO.update(trans, data).isOK()); - - rlad = rrDAO.read(trans, id); - assertTrue(rlad.isOKhasData()); - ok = false; - for(ApprovalDAO.Data a : rlad.value) { - if(a.id.equals(id)) { - ok = true; - compare(data,a); - } - } - assertTrue(ok); - - } finally { - // Delete - data.id = id; - rrDAO.delete(trans, data, true); - rlad = rrDAO.read(trans, id); - assertTrue(rlad.isOK()); - assertTrue(rlad.isEmpty()); - } - - } finally { - rrDAO.close(trans); - } - } - - private void compare(Data d1, Data d2) { - assertNotSame(d1.id,d2.id); - assertEquals(d1.ticket,d2.ticket); - assertEquals(d1.user,d2.user); - assertEquals(d1.approver,d2.approver); - assertEquals(d1.type,d2.type); - assertEquals(d1.status,d2.status); - assertEquals(d1.operation,d2.operation); - assertNotSame(d1.updated,d2.updated); - } - - - -} diff --git a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_ArtiDAO.java b/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_ArtiDAO.java deleted file mode 100644 index 0c92dc75..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_ArtiDAO.java +++ /dev/null @@ -1,137 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.test; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; - -import java.io.IOException; -import java.nio.ByteBuffer; -import java.security.NoSuchAlgorithmException; -import java.util.Date; -import java.util.List; - -import org.junit.Test; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.aaf.cass.ArtiDAO; -import org.onap.aaf.dao.aaf.cass.ArtiDAO.Data; - -/** - * UserDAO unit test. - * User: tp007s - * Date: 7/19/13 - */ -public class JU_ArtiDAO extends AbsJUCass { - @Test - public void test() throws IOException, NoSuchAlgorithmException { - ArtiDAO adao = new ArtiDAO(trans,cluster,"authz"); - try { - // Create - ArtiDAO.Data data = new ArtiDAO.Data(); - data.mechid="m55555@perturbed.att.com"; - data.machine="perturbed1232.att.com"; - data.type(false).add("file"); - data.type(false).add("jks"); - data.sponsor="Fred Flintstone"; - data.ca="devl"; - data.dir="/opt/app/aft/keys"; - data.appName="kumquat"; - data.os_user="aft"; - data.notify="email:myname@bogus.email.com"; - data.expires=new Date(); - -// Bytification - ByteBuffer bb = data.bytify(); - Data bdata = new ArtiDAO.Data(); - bdata.reconstitute(bb); - checkData1(data, bdata); - - -// DB work - adao.create(trans,data); - try { - // Validate Read with key fields in Data - Result> rlcd = adao.read(trans,data); - assertTrue(rlcd.isOKhasData()); - for(ArtiDAO.Data d : rlcd.value) { - checkData1(data,d); - } - - // Validate Read with key fields in Data - rlcd = adao.read(trans,data.mechid, data.machine); - assertTrue(rlcd.isOKhasData()); - for(ArtiDAO.Data d : rlcd.value) { - checkData1(data,d); - } - - // By Machine - rlcd = adao.readByMachine(trans,data.machine); - assertTrue(rlcd.isOKhasData()); - for(ArtiDAO.Data d : rlcd.value) { - checkData1(data,d); - } - - // By MechID - rlcd = adao.readByMechID(trans,data.mechid); - assertTrue(rlcd.isOKhasData()); - for(ArtiDAO.Data d : rlcd.value) { - checkData1(data,d); - } - - // Update - data.sponsor = "Wilma Flintstone"; - adao.update(trans,data); - rlcd = adao.read(trans,data); - assertTrue(rlcd.isOKhasData()); - for(ArtiDAO.Data d : rlcd.value) { - checkData1(data,d); - } - - } finally { - // Always delete data, even if failure. - adao.delete(trans,data, true); - } - } finally { - adao.close(trans); - } - - - } - - private void checkData1(Data data, Data d) { - assertEquals(data.mechid,d.mechid); - assertEquals(data.machine,d.machine); - assertEquals(data.type(false).size(),d.type(false).size()); - for(String s: data.type(false)) { - assertTrue(d.type(false).contains(s)); - } - assertEquals(data.sponsor,d.sponsor); - assertEquals(data.ca,d.ca); - assertEquals(data.dir,d.dir); - assertEquals(data.appName,d.appName); - assertEquals(data.os_user,d.os_user); - assertEquals(data.notify,d.notify); - assertEquals(data.expires,d.expires); - } - -} diff --git a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_Bytification.java b/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_Bytification.java deleted file mode 100644 index 65efef40..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_Bytification.java +++ /dev/null @@ -1,266 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.test; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; - -import java.io.IOException; -import java.nio.ByteBuffer; -import java.util.Date; - -import org.junit.Test; -import org.onap.aaf.dao.aaf.cass.CredDAO; -import org.onap.aaf.dao.aaf.cass.NsDAO; -import org.onap.aaf.dao.aaf.cass.NsType; -import org.onap.aaf.dao.aaf.cass.PermDAO; -import org.onap.aaf.dao.aaf.cass.RoleDAO; -import org.onap.aaf.dao.aaf.cass.UserRoleDAO; - -public class JU_Bytification { - - @Test - public void testNS() throws IOException { - - // Normal - NsDAO.Data ns = new NsDAO.Data(); - ns.name = "com.att."; - ns.type = NsType.APP.type; - - ByteBuffer bb = ns.bytify(); - - NsDAO.Data nsr = new NsDAO.Data(); - nsr.reconstitute(bb); - check(ns,nsr); - - // Empty admin -// ns.admin(true).clear(); - bb = ns.bytify(); - nsr = new NsDAO.Data(); - nsr.reconstitute(bb); - check(ns,nsr); - - // Empty responsible -// ns.responsible(true).clear(); - bb = ns.bytify(); - nsr = new NsDAO.Data(); - nsr.reconstitute(bb); - check(ns,nsr); - - bb = ns.bytify(); - nsr = new NsDAO.Data(); - nsr.reconstitute(bb); - check(ns,nsr); - } - - private void check(NsDAO.Data a, NsDAO.Data b) { - assertEquals(a.name,b.name); - assertEquals(a.type,b.type); -// assertEquals(a.admin.size(),b.admin.size()); - -// for(String s: a.admin) { -// assertTrue(b.admin.contains(s)); -// } -// -// assertEquals(a.responsible.size(),b.responsible.size()); -// for(String s: a.responsible) { -// assertTrue(b.responsible.contains(s)); -// } - } - - @Test - public void testRole() throws IOException { - RoleDAO.Data rd1 = new RoleDAO.Data(); - rd1.ns = "com.att."; - rd1.name = "my.role"; - rd1.perms(true).add("com.att..my.Perm|myInstance|myAction"); - rd1.perms(true).add("com.att..my.Perm|myInstance|myAction2"); - - // Normal - ByteBuffer bb = rd1.bytify(); - RoleDAO.Data rd2 = new RoleDAO.Data(); - rd2.reconstitute(bb); - check(rd1,rd2); - - // Overshoot Buffer - StringBuilder sb = new StringBuilder(300); - sb.append("role|instance|veryLongAction..."); - for(int i=0;i<280;++i) { - sb.append('a'); - } - rd1.perms(true).add(sb.toString()); - bb = rd1.bytify(); - rd2 = new RoleDAO.Data(); - rd2.reconstitute(bb); - check(rd1,rd2); - - // No Perms - rd1.perms.clear(); - - bb = rd1.bytify(); - rd2 = new RoleDAO.Data(); - rd2.reconstitute(bb); - check(rd1,rd2); - - // 1000 Perms - for(int i=0;i<1000;++i) { - rd1.perms(true).add("com|inst|action"+ i); - } - - bb = rd1.bytify(); - rd2 = new RoleDAO.Data(); - rd2.reconstitute(bb); - check(rd1,rd2); - - } - - private void check(RoleDAO.Data a, RoleDAO.Data b) { - assertEquals(a.ns,b.ns); - assertEquals(a.name,b.name); - - assertEquals(a.perms.size(),b.perms.size()); - for(String s: a.perms) { - assertTrue(b.perms.contains(s)); - } - } - - @Test - public void testPerm() throws IOException { - PermDAO.Data pd1 = new PermDAO.Data(); - pd1.ns = "com.att."; - pd1.type = "my.perm"; - pd1.instance = "instance"; - pd1.action = "read"; - pd1.roles(true).add("com.att..my.Role"); - pd1.roles(true).add("com.att..my.Role2"); - - // Normal - ByteBuffer bb = pd1.bytify(); - PermDAO.Data rd2 = new PermDAO.Data(); - rd2.reconstitute(bb); - check(pd1,rd2); - - // No Perms - pd1.roles.clear(); - - bb = pd1.bytify(); - rd2 = new PermDAO.Data(); - rd2.reconstitute(bb); - check(pd1,rd2); - - // 1000 Perms - for(int i=0;i<1000;++i) { - pd1.roles(true).add("com.att..my.Role"+ i); - } - - bb = pd1.bytify(); - rd2 = new PermDAO.Data(); - rd2.reconstitute(bb); - check(pd1,rd2); - - } - - private void check(PermDAO.Data a, PermDAO.Data b) { - assertEquals(a.ns,b.ns); - assertEquals(a.type,b.type); - assertEquals(a.instance,b.instance); - assertEquals(a.action,b.action); - - assertEquals(a.roles.size(),b.roles.size()); - for(String s: a.roles) { - assertTrue(b.roles.contains(s)); - } - } - - @Test - public void testUserRole() throws IOException { - UserRoleDAO.Data urd1 = new UserRoleDAO.Data(); - urd1.user = "myname@abc.att.com"; - urd1.role("com.att.","my.role"); - urd1.expires = new Date(); - - // Normal - ByteBuffer bb = urd1.bytify(); - UserRoleDAO.Data urd2 = new UserRoleDAO.Data(); - urd2.reconstitute(bb); - check(urd1,urd2); - - // A null - urd1.expires = null; - urd1.role = null; - - bb = urd1.bytify(); - urd2 = new UserRoleDAO.Data(); - urd2.reconstitute(bb); - check(urd1,urd2); - } - - private void check(UserRoleDAO.Data a, UserRoleDAO.Data b) { - assertEquals(a.user,b.user); - assertEquals(a.role,b.role); - assertEquals(a.expires,b.expires); - } - - - @Test - public void testCred() throws IOException { - CredDAO.Data cd = new CredDAO.Data(); - cd.id = "m55555@abc.att.com"; - cd.ns = "com.att.abc"; - cd.type = 2; - cd.cred = ByteBuffer.wrap(new byte[]{1,34,5,3,25,0,2,5,3,4}); - cd.expires = new Date(); - - // Normal - ByteBuffer bb = cd.bytify(); - CredDAO.Data cd2 = new CredDAO.Data(); - cd2.reconstitute(bb); - check(cd,cd2); - - // nulls - cd.expires = null; - cd.cred = null; - - bb = cd.bytify(); - cd2 = new CredDAO.Data(); - cd2.reconstitute(bb); - check(cd,cd2); - - } - - private void check(CredDAO.Data a, CredDAO.Data b) { - assertEquals(a.id,b.id); - assertEquals(a.ns,b.ns); - assertEquals(a.type,b.type); - if(a.cred==null) { - assertEquals(a.cred,b.cred); - } else { - int l = a.cred.limit(); - assertEquals(l,b.cred.limit()); - for (int i=0;i id = new CacheInfoDAO(trans, cluster, AUTHZ); - Date date = new Date(); - - id.touch(trans, RoleDAO.TABLE,1); - try { - Thread.sleep(3000); - } catch (InterruptedException e) { - } - Result rid = id.check(trans); - Assert.assertEquals(rid.status,Status.OK); - Date[] dates = CacheInfoDAO.info.get(RoleDAO.TABLE); - if(dates.length>0 && dates[1]!=null) { - System.out.println(Chrono.dateStamp(dates[1])); - System.out.println(Chrono.dateStamp(date)); - Assert.assertTrue(Math.abs(dates[1].getTime() - date.getTime())<20000); // allow for 4 seconds, given Remote DB - } - } - -} diff --git a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_CertDAO.java b/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_CertDAO.java deleted file mode 100644 index 498f8ce6..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_CertDAO.java +++ /dev/null @@ -1,105 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.test; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; - -import java.io.IOException; -import java.math.BigInteger; -import java.nio.ByteBuffer; -import java.security.NoSuchAlgorithmException; -import java.util.List; - -import org.junit.Test; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.aaf.cass.CertDAO; -import org.onap.aaf.dao.aaf.cass.CertDAO.Data; - -import org.onap.aaf.inno.env.APIException; - -/** - * UserDAO unit test. - * User: tp007s - * Date: 7/19/13 - */ -public class JU_CertDAO extends AbsJUCass { - @Test - public void test() throws IOException, NoSuchAlgorithmException, APIException { - CertDAO cdao = new CertDAO(trans,cluster,"authz"); - try { - // Create - CertDAO.Data data = new CertDAO.Data(); - data.serial=new BigInteger("11839383"); - data.id = "m55555@tguard.att.com"; - data.x500="CN=ju_cert.dao.att.com, OU=AAF, O=\"ATT Services, Inc.\", L=Southfield, ST=Michigan, C=US"; - data.x509="I'm a cert"; - data.ca = "aaf"; - cdao.create(trans,data); - -// Bytification - ByteBuffer bb = data.bytify(); - Data bdata = new CertDAO.Data(); - bdata.reconstitute(bb); - checkData1(data, bdata); - - // Validate Read with key fields in Data - Result> rlcd = cdao.read(trans,data); - assertTrue(rlcd.isOKhasData()); - for(CertDAO.Data d : rlcd.value) { - checkData1(data,d); - } - - // Validate Read with key fields in Data - rlcd = cdao.read(trans,data.ca,data.serial); - assertTrue(rlcd.isOKhasData()); - for(CertDAO.Data d : rlcd.value) { - checkData1(data,d); - } - - // Update - data.id = "m66666.tguard.att.com"; - cdao.update(trans,data); - rlcd = cdao.read(trans,data); - assertTrue(rlcd.isOKhasData()); - for(CertDAO.Data d : rlcd.value) { - checkData1(data,d); - } - - cdao.delete(trans,data, true); - } finally { - cdao.close(trans); - } - - - } - - private void checkData1(Data data, Data d) { - assertEquals(data.ca,d.ca); - assertEquals(data.serial,d.serial); - assertEquals(data.id,d.id); - assertEquals(data.x500,d.x500); - assertEquals(data.x509,d.x509); - } - -} diff --git a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_CredDAO.java b/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_CredDAO.java deleted file mode 100644 index 3cf860ae..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_CredDAO.java +++ /dev/null @@ -1,252 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.test; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; - -import java.io.IOException; -import java.nio.ByteBuffer; -import java.security.NoSuchAlgorithmException; -import java.util.Date; -import java.util.List; - -import org.junit.Test; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.aaf.cass.CredDAO; -import org.onap.aaf.dao.aaf.cass.CredDAO.Data; - -import org.onap.aaf.inno.env.APIException; - -/** - * UserDAO unit test. - * User: tp007s - * Date: 7/19/13 - */ -public class JU_CredDAO extends AbsJUCass { - @Test - public void test() throws IOException, NoSuchAlgorithmException, APIException { - CredDAO udao = new CredDAO(trans,cluster,"authz"); - try { - // Create - CredDAO.Data data = new CredDAO.Data(); - data.id = "m55555@aaf.att.com"; - data.type = CredDAO.BASIC_AUTH; - data.notes = "temp pass"; - data.cred = ByteBuffer.wrap(userPassToBytes("m55555","mypass")); - data.other = 12; - data.expires = new Date(System.currentTimeMillis() + 60000*60*24*90); - udao.create(trans,data); - -// Bytification - ByteBuffer bb = data.bytify(); - Data bdata = new CredDAO.Data(); - bdata.reconstitute(bb); - checkData1(data, bdata); - - // Validate Read with key fields in Data - Result> rlcd = udao.read(trans,data); - assertTrue(rlcd.isOKhasData()); - for(CredDAO.Data d : rlcd.value) { - checkData1(data,d); - } - - // Update - data.cred = ByteBuffer.wrap(userPassToBytes("m55555","mynewpass")); - udao.update(trans,data); - rlcd = udao.read(trans,data); - assertTrue(rlcd.isOKhasData()); - for(CredDAO.Data d : rlcd.value) { - checkData1(data,d); - } - - udao.delete(trans,data, true); - } finally { - udao.close(trans); - } - - - } - - private void checkData1(Data data, Data d) { - assertEquals(data.id,d.id); - assertEquals(data.type,d.type); - assertEquals(data.ns,d.ns); - assertEquals(data.notes,d.notes); - assertEquals(data.cred,d.cred); - assertEquals(data.other,d.other); - assertEquals(data.expires,d.expires); - } - -// private String CONST_myName = "MyName"; -// public static final java.nio.ByteBuffer CONST_MY_CRED = get_CONST_MY_CRED(); -// public static final int CONST_CRED_TYPE = 11; -// -// public static final Date CONST_UPDATE_DATE = new Date(System.currentTimeMillis()+60000*24); -// @Test -// public void test() { -// UserDAO ud = new UserDAO(trans, cluster,"authz"); -// try { -// UserDAO.Data data = createPrototypeUserData(); -// ud.create(trans, data); -// -// // Validate Read with key fields in Data -// for(UserDAO.Data d : ud.read(trans, data)) { -// checkData1(data,d); -// } -// -// // Validate readByName -// for(UserDAO.Data d : ud.read(trans, CONST_myName)) { -// checkData1(data,d); -// } -// -// ud.delete(trans, data); -// List d_2 = ud.read(trans, CONST_myName); -// -// // Validate that data was deleted -// assertEquals("User should not be found after deleted", 0, d_2.size() ); -// -// data = new UserDAO.Data(); -// data.name = CONST_myName; -// data.cred = CONST_MY_CRED; -// data.cred_type= CONST_CRED_TYPE; -// data.expires = new Date(System.currentTimeMillis()+60000*24); -// final Result user = ud.r_create(trans, data); -// assertEquals("ud.createUser should work", Result.Status.OK, user.status); -// -// checkDataIgnoreDateDiff(data, user.value); -// -// // finally leave system in consistent state by deleting user again -// ud.delete(trans,data); -// -// } catch (DAOException e) { -// e.printStackTrace(); -// fail("Fail due to Exception"); -// } finally { -// ud.close(trans); -// } -// } -// -// private UserDAO.Data createPrototypeUserData() { -// UserDAO.Data data = new UserDAO.Data(); -// data.name = CONST_myName; -// -// data.cred_type = CONST_CRED_TYPE; -// data.cred = CONST_MY_CRED; -// data.expires = CONST_UPDATE_DATE; -// return data; -// } -// -// // @Test -// // public void testReadByUser() throws Exception { -// // // this test was done above in our super test, since it uses the same setup -// // } -// -// @Test -// public void testFunctionCreateUser() throws Exception { -// String name = "roger_rabbit"; -// Integer credType = CONST_CRED_TYPE; -// java.nio.ByteBuffer cred = CONST_MY_CRED; -// final UserDAO ud = new UserDAO(trans, cluster,"authz"); -// final UserDAO.Data data = createPrototypeUserData(); -// Result ret = ud.r_create(trans, data); -// Result> byUserNameLookup = ud.r_read(trans, name); -// -// assertEquals("sanity test w/ different username (different than other test cases) failed", name, byUserNameLookup.value.get(0).name); -// assertEquals("delete roger_rabbit failed", true, ud.delete(trans, byUserNameLookup.value.get(0))); -// } -// -// @Test -// public void testLowLevelCassandraCreateData_Given_UserAlreadyPresent_ShouldPass() throws Exception { -// UserDAO ud = new UserDAO(trans, cluster,"authz"); -// -// final UserDAO.Data data = createPrototypeUserData(); -// final UserDAO.Data data1 = ud.create(trans, data); -// final UserDAO.Data data2 = ud.create(trans, data); -// -// assertNotNull(data1); -// assertNotNull(data2); -// -// assertEquals(CONST_myName, data1.name); -// assertEquals(CONST_myName, data2.name); -// } -// -// @Test -// public void testCreateUser_Given_UserAlreadyPresent_ShouldFail() throws Exception { -// UserDAO ud = new UserDAO(trans, cluster,"authz"); -// -// final UserDAO.Data data = createPrototypeUserData(); -// -// // make sure that some prev test did not leave the user in the DB -// ud.delete(trans, data); -// -// // attempt to create same user twice !!! -// -// final Result data1 = ud.r_create(trans, data); -// final Result data2 = ud.r_create(trans, data); -// -// assertNotNull(data1); -// assertNotNull(data2); -// -// assertEquals(true, Result.Status.OK == data1.status); -// assertEquals(false, Result.Status.OK == data2.status); -// } -// -// private void checkData1(UserDAO.Data data, UserDAO.Data d) { -// data.name = CONST_myName; -// -// data.cred_type = CONST_CRED_TYPE; -// data.cred = CONST_MY_CRED; -// data.expires = CONST_UPDATE_DATE; -// -// assertEquals(data.name, d.name); -// assertEquals(data.cred_type, d.cred_type); -// assertEquals(data.cred, d.cred); -// assertEquals(data.expires, d.expires); -// -// } -// -// private void checkDataIgnoreDateDiff(UserDAO.Data data, UserDAO.Data d) { -// data.name = CONST_myName; -// -// data.cred_type = CONST_CRED_TYPE; -// data.cred = CONST_MY_CRED; -// data.expires = CONST_UPDATE_DATE; -// -// assertEquals(data.name, d.name); -// assertEquals(data.cred_type, d.cred_type); -// assertEquals(data.cred, d.cred); -// // we allow dates to be different, e.g. high level calls e.g. createUser sets the date itself. -// //assertEquals(data.updated, d.updated); -// -// } -// -// /** -// * Get a CONST_MY_CRED ByteBuffer, which is the java type for a cass blob. -// * @return -// */ -// private static java.nio.ByteBuffer get_CONST_MY_CRED() { -// return ByteBuffer.wrap("Hello".getBytes()); -// } -// -} diff --git a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_DelegateDAO.java b/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_DelegateDAO.java deleted file mode 100644 index d93ec399..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_DelegateDAO.java +++ /dev/null @@ -1,107 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.test; - - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; - -import java.nio.ByteBuffer; -import java.util.Date; -import java.util.List; - -import org.junit.Test; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.aaf.cass.DelegateDAO; -import org.onap.aaf.dao.aaf.cass.DelegateDAO.Data; - - -public class JU_DelegateDAO extends AbsJUCass { - @Test - public void testCRUD() throws Exception { - DelegateDAO dao = new DelegateDAO(trans, cluster, AUTHZ); - DelegateDAO.Data data = new DelegateDAO.Data(); - data.user = "myname"; - data.delegate = "yourname"; - data.expires = new Date(); - -// Bytification - ByteBuffer bb = data.bytify(); - Data bdata = new DelegateDAO.Data(); - bdata.reconstitute(bb); - compare(data, bdata); - - try { - // Test create - Result ddcr = dao.create(trans,data); - assertTrue(ddcr.isOK()); - - - // Read by User - Result> records = dao.read(trans,data.user); - assertTrue(records.isOKhasData()); - for(DelegateDAO.Data rdata : records.value) - compare(data,rdata); - - // Read by Delegate - records = dao.readByDelegate(trans,data.delegate); - assertTrue(records.isOKhasData()); - for(DelegateDAO.Data rdata : records.value) - compare(data,rdata); - - // Update - data.delegate = "hisname"; - data.expires = new Date(); - assertTrue(dao.update(trans, data).isOK()); - - // Read by User - records = dao.read(trans,data.user); - assertTrue(records.isOKhasData()); - for(DelegateDAO.Data rdata : records.value) - compare(data,rdata); - - // Read by Delegate - records = dao.readByDelegate(trans,data.delegate); - assertTrue(records.isOKhasData()); - for(DelegateDAO.Data rdata : records.value) - compare(data,rdata); - - // Test delete - dao.delete(trans,data, true); - records = dao.read(trans,data.user); - assertTrue(records.isEmpty()); - - - } finally { - dao.close(trans); - } - } - - private void compare(Data d1, Data d2) { - assertEquals(d1.user, d2.user); - assertEquals(d1.delegate, d2.delegate); - assertEquals(d1.expires,d2.expires); - } - - -} diff --git a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_FastCalling.java b/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_FastCalling.java deleted file mode 100644 index 9b0fa2ed..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_FastCalling.java +++ /dev/null @@ -1,91 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.test; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; - -import java.io.IOException; -import java.nio.ByteBuffer; -import java.security.NoSuchAlgorithmException; -import java.util.Date; -import java.util.List; - -import org.junit.Test; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.aaf.cass.CredDAO; -import org.onap.aaf.dao.aaf.cass.CredDAO.Data; - -import org.onap.aaf.inno.env.APIException; - -public class JU_FastCalling extends AbsJUCass { - - @Test - public void test() throws IOException, NoSuchAlgorithmException, APIException { - trans.setProperty("cassandra.writeConsistency.cred","ONE"); - - CredDAO udao = new CredDAO(env.newTransNoAvg(),cluster,"authz"); - System.out.println("Starting calls"); - for(iterations=0;iterations<8;++iterations) { - try { - // Create - CredDAO.Data data = new CredDAO.Data(); - data.id = "m55555@aaf.att.com"; - data.type = CredDAO.BASIC_AUTH; - data.cred = ByteBuffer.wrap(userPassToBytes("m55555","mypass")); - data.expires = new Date(System.currentTimeMillis() + 60000*60*24*90); - udao.create(trans,data); - - // Validate Read with key fields in Data - Result> rlcd = udao.read(trans,data); - assertTrue(rlcd.isOKhasData()); - for(CredDAO.Data d : rlcd.value) { - checkData1(data,d); - } - - // Update - data.cred = ByteBuffer.wrap(userPassToBytes("m55555","mynewpass")); - udao.update(trans,data); - rlcd = udao.read(trans,data); - assertTrue(rlcd.isOKhasData()); - for(CredDAO.Data d : rlcd.value) { - checkData1(data,d); - } - - udao.delete(trans,data, true); - } finally { - updateTotals(); - newTrans(); - } - } - - } - - private void checkData1(Data data, Data d) { - assertEquals(data.id,d.id); - assertEquals(data.type,d.type); - assertEquals(data.cred,d.cred); - assertEquals(data.expires,d.expires); - } - -} diff --git a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_HistoryDAO.java b/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_HistoryDAO.java deleted file mode 100644 index 29ce5d4b..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_HistoryDAO.java +++ /dev/null @@ -1,154 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.test; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertTrue; - -import java.nio.ByteBuffer; -import java.util.List; -import java.util.Random; - -import org.junit.Test; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.aaf.cass.HistoryDAO; - -public class JU_HistoryDAO extends AbsJUCass { - - @Test - public void testCreate() throws Exception { - HistoryDAO historyDAO = new HistoryDAO(trans, cluster, AUTHZ); - HistoryDAO.Data data = createHistoryData(); - - try { - historyDAO.create(trans,data); - Thread.sleep(200);// History Create is Async - Result> records = historyDAO.readByUser(trans,data.user,data.yr_mon); - assertTrue(records.isOKhasData()); - for(HistoryDAO.Data d : records.value) { - assertHistory(data, d); - } - } finally { - historyDAO.close(trans); - } - } - - @Test - public void tesReadByUser() throws Exception { - HistoryDAO historyDAO = new HistoryDAO(trans,cluster, AUTHZ); - HistoryDAO.Data data = createHistoryData(); - - try { - historyDAO.create(trans,data); - Thread.sleep(200);// History Create is Async - Result> records = historyDAO.readByUser(trans, data.user,data.yr_mon); - assertTrue(records.isOKhasData()); - for(HistoryDAO.Data d : records.value) { - assertHistory(data, d); - } - } finally { - historyDAO.close(trans); - } - } - -/* - @Test - public void readByUserAndMonth() throws Exception { - HistoryDAO historyDAO = new HistoryDAO(trans,cluster, AUTHZ); - HistoryDAO.Data data = createHistoryData(); - - try { - historyDAO.create(trans,data); - Thread.sleep(200);// History Create is Async - Result> records = historyDAO.readByUserAndMonth(trans, - data.user, Integer.valueOf(String.valueOf(data.yr_mon).substring(0, 4)), - Integer.valueOf(String.valueOf(data.yr_mon).substring(4, 6))); - assertTrue(records.isOKhasData()); - for(HistoryDAO.Data d : records.value) { - assertHistory(data, d); - } - } finally { - historyDAO.close(trans); - } - } -*/ - //TODO readadd this -// @Test -// public void readByUserAndDay() throws Exception { -// HistoryDAO historyDAO = new HistoryDAO(trans, cluster, AUTHZ); -// HistoryDAO.Data data = createHistoryData(); -// -// try { -// historyDAO.create(trans, data); -// Thread.sleep(200);// History Create is Async -// -// String dayTime = String.valueOf(data.day_time); -// String day = null; -// if (dayTime.length() < 8) -// day = dayTime.substring(0, 1); -// else -// day = dayTime.substring(0, 2); -// -// List records = historyDAO.readByUserBetweenDates(trans, -// data.user, Integer.valueOf(String.valueOf(data.yr_mon).substring(0, 4)), -// Integer.valueOf(String.valueOf(data.yr_mon).substring(4, 6)), -// Integer.valueOf(day), 0); -// assertEquals(1,records.size()); -// for(HistoryDAO.Data d : records) { -// assertHistory(data, d); -// } -// } finally { -// historyDAO.close(trans); -// } -// } - private HistoryDAO.Data createHistoryData() { - HistoryDAO.Data data = HistoryDAO.newInitedData(); - Random random = new Random(); - data.user = "test" + random.nextInt(); - data.action = "add"; - data.target = "history"; - data.memo = "adding a row into history table"; -// data.detail().put("id", "test"); -// data.detail().put("name", "test"); - //String temp = "Test Blob Message"; - data.reconstruct = ByteBuffer.wrap("Temp Blob Message".getBytes()); - return data; - } - - private void assertHistory(HistoryDAO.Data ip, HistoryDAO.Data op) { - assertEquals(ip.yr_mon, op.yr_mon); -// assertEquals(ip.day_time, op.day_time); - assertEquals(ip.user, op.user); - assertEquals(ip.action, op.action); - assertEquals(ip.target, op.target); - assertEquals(ip.memo, op.memo); - //TODO : have to see if third party assert utility can be used -// assertTrue(CollectionUtils.isEqualCollection(ip.detail, op.detail)); -// for (String key : ip.detail().keySet()) { -// assertNotNull(op.detail().get(key)); -// } - assertNotNull(op.reconstruct); - } - -} diff --git a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_NsDAO.java b/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_NsDAO.java deleted file mode 100644 index ad9ed287..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_NsDAO.java +++ /dev/null @@ -1,187 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.test; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; - -import java.io.IOException; -import java.nio.ByteBuffer; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Set; - -import org.junit.Test; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.aaf.cass.NsDAO; -import org.onap.aaf.dao.aaf.cass.NsType; -import org.onap.aaf.dao.aaf.cass.NsDAO.Data; - -import org.onap.aaf.inno.env.APIException; - - -public class JU_NsDAO extends AbsJUCass { - private static final String CRM = "ju_crm"; - private static final String SWM = "ju_swm"; - - @Test - public void test() throws APIException, IOException { - NsDAO nsd = new NsDAO(trans, cluster, AUTHZ); - try { - final String nsparent = "com.test"; - final String ns1 = nsparent +".ju_ns"; - final String ns2 = nsparent + ".ju_ns2"; - - Map oAttribs = new HashMap(); - oAttribs.put(SWM, "swm_data"); - oAttribs.put(CRM, "crm_data"); - Data data = new NsDAO.Data(); - data.name = ns1; - data.type = NsType.APP.type; - data.attrib(true).putAll(oAttribs); - - - Result> rdrr; - - // CREATE - Result rdc = nsd.create(trans, data); - assertTrue(rdc.isOK()); - - try { -// Bytification - ByteBuffer bb = data.bytify(); - Data bdata = new NsDAO.Data(); - bdata.reconstitute(bb); - compare(data, bdata); - - // Test READ by Object - rdrr = nsd.read(trans, data); - assertTrue(rdrr.isOKhasData()); - assertEquals(rdrr.value.size(),1); - Data d = rdrr.value.get(0); - assertEquals(d.name,data.name); - assertEquals(d.type,data.type); - attribsEqual(d.attrib(false),data.attrib(false)); - attribsEqual(oAttribs,data.attrib(false)); - - // Test Read by Key - rdrr = nsd.read(trans, data.name); - assertTrue(rdrr.isOKhasData()); - assertEquals(rdrr.value.size(),1); - d = rdrr.value.get(0); - assertEquals(d.name,data.name); - assertEquals(d.type,data.type); - attribsEqual(d.attrib(false),data.attrib(false)); - attribsEqual(oAttribs,data.attrib(false)); - - // Read NS by Type - Result> rtypes = nsd.readNsByAttrib(trans, SWM); - Set types; - if(rtypes.notOK()) { - throw new IOException(rtypes.errorString()); - } else { - types = rtypes.value; - } - assertEquals(1,types.size()); - assertEquals(true,types.contains(ns1)); - - // Add second NS to test list of data returned - Data data2 = new NsDAO.Data(); - data2.name = ns2; - data2.type = 3; // app - Result rdc2 = nsd.create(trans, data2); - assertTrue(rdc2.isOK()); - - // Interrupt - test PARENT - Result> rdchildren = nsd.getChildren(trans, "com.test"); - assertTrue(rdchildren.isOKhasData()); - boolean child1 = false; - boolean child2 = false; - for(Data dchild : rdchildren.value) { - if(ns1.equals(dchild.name))child1=true; - if(ns2.equals(dchild.name))child2=true; - } - assertTrue(child1); - assertTrue(child2); - - // FINISH DATA 2 by deleting - Result rddr = nsd.delete(trans, data2, true); - assertTrue(rddr.isOK()); - - // ADD DESCRIPTION - String description = "This is my test Namespace"; - assertFalse(description.equalsIgnoreCase(data.description)); - - Result addDesc = nsd.addDescription(trans, data.name, description); - assertTrue(addDesc.isOK()); - rdrr = nsd.read(trans, data); - assertTrue(rdrr.isOKhasData()); - assertEquals(rdrr.value.size(),1); - assertEquals(rdrr.value.get(0).description,description); - - // UPDATE - String newDescription = "zz1234 Owns This Namespace Now"; - oAttribs.put("mso", "mso_data"); - data.attrib(true).put("mso", "mso_data"); - data.description = newDescription; - Result update = nsd.update(trans, data); - assertTrue(update.isOK()); - rdrr = nsd.read(trans, data); - assertTrue(rdrr.isOKhasData()); - assertEquals(rdrr.value.size(),1); - assertEquals(rdrr.value.get(0).description,newDescription); - attribsEqual(oAttribs, rdrr.value.get(0).attrib); - - - } catch (IOException e) { - e.printStackTrace(); - } finally { - // DELETE - Result rddr = nsd.delete(trans, data, true); - assertTrue(rddr.isOK()); - rdrr = nsd.read(trans, data); - assertTrue(rdrr.isOK() && rdrr.isEmpty()); - assertEquals(rdrr.value.size(),0); - } - } finally { - nsd.close(trans); - } - } - - private void compare(NsDAO.Data d, NsDAO.Data data) { - assertEquals(d.name,data.name); - assertEquals(d.type,data.type); - attribsEqual(d.attrib(false),data.attrib(false)); - attribsEqual(d.attrib(false),data.attrib(false)); - } - - private void attribsEqual(Map aa, Map ba) { - assertEquals(aa.size(),ba.size()); - for(Entry es : aa.entrySet()) { - assertEquals(es.getValue(),ba.get(es.getKey())); - } - } -} diff --git a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_NsType.java b/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_NsType.java deleted file mode 100644 index 92152695..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_NsType.java +++ /dev/null @@ -1,59 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.test; - -import static org.junit.Assert.assertEquals; - -import org.junit.AfterClass; -import org.junit.Test; -import org.onap.aaf.dao.aaf.cass.NsType; - -public class JU_NsType { - - @AfterClass - public static void tearDownAfterClass() throws Exception { - } - - @Test - public void test() { - NsType nt,nt2; - String[] tests = new String[] {"DOT","ROOT","COMPANY","APP","STACKED_APP","STACK"}; - for(String s : tests) { - nt = NsType.valueOf(s); - assertEquals(s,nt.name()); - - nt2 = NsType.fromString(s); - assertEquals(nt,nt2); - - int t = nt.type; - nt2 = NsType.fromType(t); - assertEquals(nt,nt2); - } - - nt = NsType.fromType(Integer.MIN_VALUE); - assertEquals(nt,NsType.UNKNOWN); - nt = NsType.fromString("Garbage"); - assertEquals(nt,NsType.UNKNOWN); - } - -} diff --git a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_PermDAO.java b/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_PermDAO.java deleted file mode 100644 index 582ce185..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_PermDAO.java +++ /dev/null @@ -1,176 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.test; - -import static junit.framework.Assert.assertEquals; -import static junit.framework.Assert.assertTrue; - -import java.io.IOException; -import java.nio.ByteBuffer; -import java.util.List; -import java.util.Set; - -import org.junit.Test; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.aaf.cass.PermDAO; -import org.onap.aaf.dao.aaf.cass.RoleDAO; -import org.onap.aaf.dao.aaf.cass.PermDAO.Data; - -import org.onap.aaf.inno.env.APIException; - -/** - * Test the PermissionDAO - * - * Utilize AbsJUCass to initialize and pre-load Cass - * - * - */ -public class JU_PermDAO extends AbsJUCass{ - - @Test - public void test() throws APIException, IOException { - PermDAO pd = new PermDAO(trans,cluster,"authz"); - try { - PermDAO.Data data = new PermDAO.Data(); - data.ns = "com.test.ju_perm"; - data.type = "MyType"; - data.instance = "MyInstance"; - data.action = "MyAction"; - data.roles(true).add(data.ns + ".dev"); - - - - // CREATE - Result rpdc = pd.create(trans,data); - assertTrue(rpdc.isOK()); - - Result> rlpd; - try { -// Bytification - ByteBuffer bb = data.bytify(); - Data bdata = new PermDAO.Data(); - bdata.reconstitute(bb); - compare(data, bdata); - - // Validate Read with key fields in Data - if((rlpd = pd.read(trans,data)).isOK()) - for(PermDAO.Data d : rlpd.value) { - checkData1(data,d); - } - - // Validate readByName - if((rlpd = pd.readByType(trans,data.ns, data.type)).isOK()) - for(PermDAO.Data d : rlpd.value) { - checkData1(data,d); - } - - // Add Role - RoleDAO.Data role = new RoleDAO.Data(); - role.ns = data.ns; - role.name = "test"; - - Result rvpd = pd.addRole(trans, data, role.fullName()); - assertTrue(rvpd.isOK()); - // Validate Read with key fields in Data - if((rlpd = pd.read(trans,data)).isOK()) - for(PermDAO.Data d : rlpd.value) { - checkData2(data,d); - } - - // Remove Role - rvpd = pd.delRole(trans, data, role.fullName()); - assertTrue(rvpd.isOK()); - if((rlpd = pd.read(trans,data)).isOK()) - for(PermDAO.Data d : rlpd.value) { - checkData1(data,d); - } - - // Add Child - Data data2 = new Data(); - data2.ns = data.ns; - data2.type = data.type + ".2"; - data2.instance = data.instance; - data2.action = data.action; - - rpdc = pd.create(trans, data2); - assertTrue(rpdc.isOK()); - try { - rlpd = pd.readChildren(trans, data.ns,data.type); - assertTrue(rlpd.isOKhasData()); - assertEquals(rlpd.value.size(),1); - assertEquals(rlpd.value.get(0).fullType(),data2.fullType()); - } finally { - // Delete Child - pd.delete(trans, data2,true); - - } - } catch (IOException e) { - e.printStackTrace(); - } finally { - // DELETE - Result rpdd = pd.delete(trans,data,true); - assertTrue(rpdd.isOK()); - rlpd = pd.read(trans, data); - assertTrue(rlpd.isOK() && rlpd.isEmpty()); - assertEquals(rlpd.value.size(),0); - } - } finally { - pd.close(trans); - } - } - - private void compare(Data a, Data b) { - assertEquals(a.ns,b.ns); - assertEquals(a.type,b.type); - assertEquals(a.instance,b.instance); - assertEquals(a.action,b.action); - assertEquals(a.roles(false).size(),b.roles(false).size()); - for(String s: a.roles(false)) { - assertTrue(b.roles(false).contains(s)); - } - } - private void checkData1(Data data, Data d) { - assertEquals(data.ns,d.ns); - assertEquals(data.type,d.type); - assertEquals(data.instance,d.instance); - assertEquals(data.action,d.action); - - Set ss = d.roles(true); - assertEquals(1,ss.size()); - assertTrue(ss.contains(data.ns+".dev")); - } - - private void checkData2(Data data, Data d) { - assertEquals(data.ns,d.ns); - assertEquals(data.type,d.type); - assertEquals(data.instance,d.instance); - assertEquals(data.action,d.action); - - Set ss = d.roles(true); - assertEquals(2,ss.size()); - assertTrue(ss.contains(data.ns+".dev")); - assertTrue(ss.contains(data.ns+".test")); - } - - -} diff --git a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_RoleDAO.java b/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_RoleDAO.java deleted file mode 100644 index ba61c61e..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/JU_RoleDAO.java +++ /dev/null @@ -1,139 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.test; - -import static junit.framework.Assert.assertEquals; -import static junit.framework.Assert.assertTrue; - -import java.io.IOException; -import java.nio.ByteBuffer; -import java.util.List; - -import org.junit.Test; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.aaf.cass.PermDAO; -import org.onap.aaf.dao.aaf.cass.RoleDAO; -import org.onap.aaf.dao.aaf.cass.RoleDAO.Data; - -import org.onap.aaf.inno.env.APIException; - - -public class JU_RoleDAO extends AbsJUCass { - - @Test - public void test() throws IOException, APIException { - RoleDAO rd = new RoleDAO(trans, cluster, AUTHZ); - try { - Data data = new RoleDAO.Data(); - data.ns = "com.test.ju_role"; - data.name = "role1"; - -// Bytification - ByteBuffer bb = data.bytify(); - Data bdata = new RoleDAO.Data(); - bdata.reconstitute(bb); - compare(data, bdata); - - // CREATE - Result rdc = rd.create(trans, data); - assertTrue(rdc.isOK()); - Result> rdrr; - try { - // READ - rdrr = rd.read(trans, data); - assertTrue(rdrr.isOKhasData()); - assertEquals(rdrr.value.size(),1); - Data d = rdrr.value.get(0); - assertEquals(d.perms.size(),0); - assertEquals(d.name,data.name); - assertEquals(d.ns,data.ns); - - PermDAO.Data perm = new PermDAO.Data(); - perm.ns = data.ns; - perm.type = "Perm"; - perm.instance = "perm1"; - perm.action = "write"; - - // ADD Perm - Result rdar = rd.addPerm(trans, data, perm); - assertTrue(rdar.isOK()); - rdrr = rd.read(trans, data); - assertTrue(rdrr.isOKhasData()); - assertEquals(rdrr.value.size(),1); - assertEquals(rdrr.value.get(0).perms.size(),1); - assertTrue(rdrr.value.get(0).perms.contains(perm.encode())); - - // DEL Perm - rdar = rd.delPerm(trans, data,perm); - assertTrue(rdar.isOK()); - rdrr = rd.read(trans, data); - assertTrue(rdrr.isOKhasData()); - assertEquals(rdrr.value.size(),1); - assertEquals(rdrr.value.get(0).perms.size(),0); - - // Add Child - Data data2 = new Data(); - data2.ns = data.ns; - data2.name = data.name + ".2"; - - rdc = rd.create(trans, data2); - assertTrue(rdc.isOK()); - try { - rdrr = rd.readChildren(trans, data.ns,data.name); - assertTrue(rdrr.isOKhasData()); - assertEquals(rdrr.value.size(),1); - assertEquals(rdrr.value.get(0).name,data.name + ".2"); - - rdrr = rd.readChildren(trans, data.ns,"*"); - assertTrue(rdrr.isOKhasData()); - assertEquals(rdrr.value.size(),2); - - } finally { - // Delete Child - rd.delete(trans, data2, true); - } - - } finally { - // DELETE - Result rddr = rd.delete(trans, data, true); - assertTrue(rddr.isOK()); - rdrr = rd.read(trans, data); - assertTrue(rdrr.isOK() && rdrr.isEmpty()); - assertEquals(rdrr.value.size(),0); - } - } finally { - rd.close(trans); - } - } - - private void compare(Data a, Data b) { - assertEquals(a.name,b.name); - assertEquals(a.description, b.description); - assertEquals(a.ns,b.ns); - assertEquals(a.perms(false).size(),b.perms(false).size()); - for(String p : a.perms(false)) { - assertTrue(b.perms(false).contains(p)); - } - } - -} diff --git a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/NS_ChildUpdate.java b/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/NS_ChildUpdate.java deleted file mode 100644 index 379eb5e4..00000000 --- a/authz-cass/src/test/java/org/onap/aaf/dao/aaf/test/NS_ChildUpdate.java +++ /dev/null @@ -1,74 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.dao.aaf.test; - -import org.onap.aaf.authz.env.AuthzEnv; - -import com.datastax.driver.core.Cluster; -import com.datastax.driver.core.ResultSet; -import com.datastax.driver.core.Row; -import com.datastax.driver.core.Session; - -public class NS_ChildUpdate { - - public static void main(String[] args) { - if(args.length < 3 ) { - System.out.println("usage: NS_ChildUpdate machine mechid (encrypted)passwd"); - } else { - try { - AuthzEnv env = new AuthzEnv(); - env.setLog4JNames("log.properties","authz","authz","audit","init","trace"); - - Cluster cluster = Cluster.builder() - .addContactPoint(args[0]) - .withCredentials(args[1],env.decrypt(args[2], false)) - .build(); - - Session session = cluster.connect("authz"); - try { - ResultSet result = session.execute("SELECT name,parent FROM ns"); - int count = 0; - for(Row r : result.all()) { - ++count; - String name = r.getString(0); - String parent = r.getString(1); - if(parent==null) { - int idx = name.lastIndexOf('.'); - - parent = idx>0?name.substring(0, idx):"."; - System.out.println("UPDATE " + name + " to " + parent); - session.execute("UPDATE ns SET parent='" + parent + "' WHERE name='" + name + "';"); - } - } - System.out.println("Processed " + count + " records"); - } finally { - session.close(); - cluster.close(); - } - } catch (Exception e) { - e.printStackTrace(); - } - } - } - -} diff --git a/authz-cass/src/test/resources/cadi.properties b/authz-cass/src/test/resources/cadi.properties deleted file mode 100644 index 8f1209a9..00000000 --- a/authz-cass/src/test/resources/cadi.properties +++ /dev/null @@ -1,52 +0,0 @@ -#------------------------------------------------------------------------------- -# ============LICENSE_START==================================================== -# * org.onap.aaf -# * =========================================================================== -# * Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# * =========================================================================== -# * Licensed under the Apache License, Version 2.0 (the "License"); -# * you may not use this file except in compliance with the License. -# * You may obtain a copy of the License at -# * -# * http://www.apache.org/licenses/LICENSE-2.0 -# * -# * Unless required by applicable law or agreed to in writing, software -# * distributed under the License is distributed on an "AS IS" BASIS, -# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# * See the License for the specific language governing permissions and -# * limitations under the License. -# * ============LICENSE_END==================================================== -# * -# * ECOMP is a trademark and service mark of AT&T Intellectual Property. -# * -#------------------------------------------------------------------------------- -############################################################################### -# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. -############################################################################### -## -## AUTHZ API (authz-service) Properties -## - -cadi_prop_file=com.att.aaf.props;com.att.aaf.common.props - -#cadi_trust_all_x509=true -#cadi_alias=aaf.att -https.protocols=TLSv1.1,TLSv1.2 - -cm_url=https://XXX:8150 - -basic_realm=localized -basic_warn=false -localhost_deny=false - -cass_group_name=com.att.aaf -cass_cluster_name=mithrilcsp.sbc.com -aaf_default_realm=com.att.csp - -aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE -aaf_id=??? -aaf_password=enc:XXX - -aaf_user_expires=3000 -aaf_clean_interval=4000 - diff --git a/authz-client/pom.xml b/authz-client/pom.xml deleted file mode 100644 index 7624fac5..00000000 --- a/authz-client/pom.xml +++ /dev/null @@ -1,277 +0,0 @@ - - - - 4.0.0 - - - - org.onap.aaf.authz - parent - 1.0.1-SNAPSHOT - ../pom.xml - - - - authz-client - Authz Client - Client and XSD Generated code for Authz - org.onap.aaf.authz - 1.0.1-SNAPSHOT - jar - https://github.com/att/AAF - - - - Jonathan Gathman - - ATT - - - - - - UTF-8 - /opt/app/aft/${project.artifactId}/${project.version} - true - 1.0.0-SNAPSHOT - - 0.7.7.201606060606 - true - 3.2 - jacoco - - target/code-coverage/jacoco-ut.exec - target/code-coverage/jacoco-it.exec - - **/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/** - https://nexus.onap.org - /content/repositories/snapshots/ - /content/repositories/releases/ - /content/repositories/staging/ - /content/sites/site/org/onap/aaf/authz/${project.artifactId}/${project.version} - - - - - junit - junit - 4.10 - test - - - - - - - - org.codehaus.mojo - jaxb2-maven-plugin - 1.3 - - - generate-sources - - xjc - - - - - src/main/xsd - - - - - - org.eclipse.m2e - lifecycle-mapping - 1.0.0 - - - - - - - org.codehaus.mojo - - - jaxb2-maven-plugin - - - [1.3,) - - - xjc - - - - - - - - - - - - org.apache.maven.plugins - maven-compiler-plugin - 2.3.2 - - 1.6 - 1.6 - - - - - org.apache.maven.plugins - maven-javadoc-plugin - 2.10.4 - - false - - - - attach-javadocs - - jar - - - - - - - - org.apache.maven.plugins - maven-source-plugin - 2.2.1 - - - attach-sources - - jar-no-fork - - - - - - - org.sonatype.plugins - nexus-staging-maven-plugin - 1.6.7 - true - - ${nexusproxy} - 176c31dfe190a - ecomp-staging - - - - org.jacoco - jacoco-maven-plugin - ${jacoco.version} - - - **/gen/** - **/generated-sources/** - **/yang-gen/** - **/pax/** - - - - - - pre-unit-test - - prepare-agent - - - ${project.build.directory}/code-coverage/jacoco-ut.exec - surefireArgLine - - - - - - post-unit-test - test - - report - - - ${project.build.directory}/code-coverage/jacoco-ut.exec - ${project.reporting.outputDirectory}/jacoco-ut - - - - pre-integration-test - pre-integration-test - - prepare-agent - - - ${project.build.directory}/code-coverage/jacoco-it.exec - - failsafeArgLine - - - - - - post-integration-test - post-integration-test - - report - - - ${project.build.directory}/code-coverage/jacoco-it.exec - ${project.reporting.outputDirectory}/jacoco-it - - - - - - - - - - - ecomp-releases - AAF Release Repository - ${nexusproxy}${releaseNexusPath} - - - ecomp-snapshots - AAF Snapshot Repository - ${nexusproxy}${snapshotNexusPath} - - - ecomp-site - dav:${nexusproxy}${sitePath} - - - - - diff --git a/authz-client/src/main/xsd/aaf_2_0.xsd b/authz-client/src/main/xsd/aaf_2_0.xsd deleted file mode 100644 index 4b04d6c1..00000000 --- a/authz-client/src/main/xsd/aaf_2_0.xsd +++ /dev/null @@ -1,467 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/authz-client/src/main/xsd/certman_1_0.xsd b/authz-client/src/main/xsd/certman_1_0.xsd deleted file mode 100644 index d99c144b..00000000 --- a/authz-client/src/main/xsd/certman_1_0.xsd +++ /dev/null @@ -1,131 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/authz-fs/pom.xml b/authz-fs/pom.xml deleted file mode 100644 index fe789cb5..00000000 --- a/authz-fs/pom.xml +++ /dev/null @@ -1,213 +0,0 @@ - - - - 4.0.0 - - org.onap.aaf.authz - parent - 1.0.1-SNAPSHOT - ../pom.xml - - - authz-fs - Authz File Server - Independent FileServer via HTTP (not S) for Public Files (i.e. CRLs) - https://github.com/att/AAF - - - - Jonathan Gathman - - ATT - - - - - - true - 9 - 1.0.0-SNAPSHOT - 1.0.0-SNAPSHOT - java - true - jacoco - ${project.build.directory}/surefire-reports - ${project.build.directory}/coverage-reports/jacoco.exec - ${project.build.directory}/coverage-reports/jacoco-it.exec - true - ${project.version} - https://nexus.onap.org - /content/repositories/snapshots/ - /content/repositories/releases/ - /content/repositories/staging/ - /content/sites/site/org/onap/aaf/authz/${project.artifactId}/${project.version} - - - - - - org.onap.aaf.authz - authz-core - ${project.version} - - - org.onap.aaf.cadi - cadi-core - ${project.cadiVersion} - - - com.att.aft - dme2 - - - - - - - org.apache.maven.plugins - maven-jar-plugin - - - **/*.class - - - 2.3.1 - - - - org.apache.maven.plugins - maven-javadoc-plugin - 2.10.4 - - false - - - - attach-javadocs - - jar - - - - - - - - org.apache.maven.plugins - maven-source-plugin - 2.2.1 - - - attach-sources - - jar-no-fork - - - - - - org.sonatype.plugins - nexus-staging-maven-plugin - 1.6.7 - true - - ${nexusproxy} - 176c31dfe190a - ecomp-staging - - - - org.jacoco - jacoco-maven-plugin - 0.7.7.201606060606 - - true - - org.onap.aaf.* - - - - - pre-unit-test - - prepare-agent - - - ${project.build.directory}/coverage-reports/jacoco.exec - - - - - pre-integration-test - pre-integration-test - - prepare-agent - - - ${project.build.directory}/coverage-reports/jacoco-it.exec - - - - - - merge - - post-integration-test - - - - ${project.build.directory}/coverage-reports - - *.exec - - - - ${project.build.directory}/jacoco-dev.exec - - - - - - - - - - - ecomp-releases - AAF Release Repository - ${nexusproxy}${releaseNexusPath} - - - ecomp-snapshots - AAF Snapshot Repository - ${nexusproxy}${snapshotNexusPath} - - - ecomp-site - dav:${nexusproxy}${sitePath} - - - - diff --git a/authz-fs/src/main/config/FileServer.props b/authz-fs/src/main/config/FileServer.props deleted file mode 100644 index ed1506e5..00000000 --- a/authz-fs/src/main/config/FileServer.props +++ /dev/null @@ -1,20 +0,0 @@ -## -## AUTHZ API (authz-service) Properties -## - -hostname=_HOSTNAME_ - -## DISCOVERY (DME2) Parameters on the Command Line -AFT_LATITUDE=_AFT_LATITUDE_ -AFT_LONGITUDE=_AFT_LONGITUDE_ -AFT_ENVIRONMENT=_AFT_ENVIRONMENT_ -DEPLOYED_VERSION=_ARTIFACT_VERSION_ - -DMEServiceName=service=com.att.authz.authz-fs/version=_MAJOR_VER_._MINOR_VER_._PATCH_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_ -AFT_DME2_PORT_RANGE=_AUTHZ_FS_PORT_RANGE_ -AFT_DME2_SSL_ENABLE=false -AFT_DME2_DISABLE_PERSISTENT_CACHE=true - -CFA_WebPath=_ROOT_DIR_/data -CFA_ClearCommand=FmzYPpMY918MwE1hyacoiFSt -CFA_MaxSize=2000000 \ No newline at end of file diff --git a/authz-fs/src/main/config/log4j.properties b/authz-fs/src/main/config/log4j.properties deleted file mode 100644 index 65a4ca7a..00000000 --- a/authz-fs/src/main/config/log4j.properties +++ /dev/null @@ -1,90 +0,0 @@ -#------------------------------------------------------------------------------- -# ============LICENSE_START==================================================== -# * org.onap.aaf -# * =========================================================================== -# * Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# * =========================================================================== -# * Licensed under the Apache License, Version 2.0 (the "License"); -# * you may not use this file except in compliance with the License. -# * You may obtain a copy of the License at -# * -# * http://www.apache.org/licenses/LICENSE-2.0 -# * -# * Unless required by applicable law or agreed to in writing, software -# * distributed under the License is distributed on an "AS IS" BASIS, -# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# * See the License for the specific language governing permissions and -# * limitations under the License. -# * ============LICENSE_END==================================================== -# * -# * ECOMP is a trademark and service mark of AT&T Intellectual Property. -# * -#------------------------------------------------------------------------------- -############################################################################### -# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. -############################################################################### -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# -log4j.appender.INIT=org.apache.log4j.DailyRollingFileAppender -log4j.appender.INIT.File=_LOG_DIR_/${LOG4J_FILENAME_init} -log4j.appender.INIT.DatePattern='.'yyyy-MM-dd -#log4j.appender.INIT.MaxFileSize=_MAX_LOG_FILE_SIZE_ -#log4j.appender.INIT.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_ -log4j.appender.INIT.layout=org.apache.log4j.PatternLayout -log4j.appender.INIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n - - -log4j.appender.FS=org.apache.log4j.DailyRollingFileAppender -log4j.appender.FS.File=logs/${LOG4J_FILENAME_authz} -log4j.appender.FS.DatePattern='.'yyyy-MM-dd -#log4j.appender.FS.MaxFileSize=_MAX_LOG_FILE_SIZE_ -#log4j.appender.FS.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_ -log4j.appender.FS.layout=org.apache.log4j.PatternLayout -log4j.appender.FS.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %p [%c] %m %n - -log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender -log4j.appender.AUDIT.File=_LOG_DIR_/${LOG4J_FILENAME_audit} -log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd -#log4j.appender.AUDIT.MaxFileSize=_MAX_LOG_FILE_SIZE_ -#log4j.appender.AUDIT.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_ -log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout -log4j.appender.AUDIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n - -log4j.appender.TRACE=org.apache.log4j.DailyRollingFileAppender -log4j.appender.TRACE.File=logs/${LOG4J_FILENAME_trace} -log4j.appender.TRACE.DatePattern='.'yyyy-MM-dd -#log4j.appender.TRACE.MaxFileSize=_MAX_LOG_FILE_SIZE_ -#log4j.appender.TRACE.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_ -log4j.appender.TRACE.layout=org.apache.log4j.PatternLayout -log4j.appender.TRACE.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n - -log4j.appender.stdout=org.apache.log4j.ConsoleAppender -log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] %m %n - -# General Apache libraries -log4j.rootLogger=WARN -log4j.logger.org.apache=WARN,INIT -log4j.logger.dme2=WARN,INIT -log4j.logger.init=INFO,INIT -log4j.logger.authz=_LOG4J_LEVEL_,FS -log4j.logger.audit=INFO,AUDIT -log4j.logger.trace=TRACE,TRACE - - diff --git a/authz-fs/src/main/config/lrm-authz-fs.xml b/authz-fs/src/main/config/lrm-authz-fs.xml deleted file mode 100644 index b5d1ffd3..00000000 --- a/authz-fs/src/main/config/lrm-authz-fs.xml +++ /dev/null @@ -1,82 +0,0 @@ - - - - - - com.att.authz._ARTIFACT_ID_ - - _MAJOR_VER_ - _MINOR_VER_ - _PATCH_VER_ - - _ROUTE_OFFER_ - - Java - com.att.authz.fs.FileServer - - process.workdir - _ROOT_DIR_ - - - jvm.version - 1.8 - - - jvm.args - -DAFT_LATITUDE=_AFT_LATITUDE_ -DAFT_LONGITUDE=_AFT_LONGITUDE_ -DAFT_ENVIRONMENT=_AFT_ENVIRONMENT_ -Dplatform=_SCLD_PLATFORM_ -Dcom.sun.jndi.ldap.connect.pool.maxsize=20 -Dcom.sun.jndi.ldap.connect.pool.prefsize=10 -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 - - - jvm.classpath - _ROOT_DIR_/etc:_ROOT_DIR_/lib/*: - - - jvm.heap.min - 1024m - - - jvm.heap.max - 2048m - - - start.class - com.att.authz.fs.FileServer - - - stdout.redirect - _ROOT_DIR_/logs/SystemOut.log - - - stderr.redirect - _ROOT_DIR_/logs/SystemErr.log - - aft - AUTO - 2 - _RESOURCE_MIN_COUNT_ - _RESOURCE_MAX_COUNT_ - _RESOURCE_REGISTRATION_ - com.att.authz:_ARTIFACT_ID_ - _ARTIFACT_VERSION_ - - diff --git a/authz-fs/src/main/data/test.html b/authz-fs/src/main/data/test.html deleted file mode 100644 index 7ea73028..00000000 --- a/authz-fs/src/main/data/test.html +++ /dev/null @@ -1,42 +0,0 @@ -#------------------------------------------------------------------------------- -# ============LICENSE_START==================================================== -# * org.onap.aaf -# * =========================================================================== -# * Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# * =========================================================================== -# * Licensed under the Apache License, Version 2.0 (the "License"); -# * you may not use this file except in compliance with the License. -# * You may obtain a copy of the License at -# * -# * http://www.apache.org/licenses/LICENSE-2.0 -# * -# * Unless required by applicable law or agreed to in writing, software -# * distributed under the License is distributed on an "AS IS" BASIS, -# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# * See the License for the specific language governing permissions and -# * limitations under the License. -# * ============LICENSE_END==================================================== -# * -# * ECOMP is a trademark and service mark of AT&T Intellectual Property. -# * -#------------------------------------------------------------------------------- - - - - AT&T Authentication/Authorization Tool - - - -
-

AT&T Auth Tool on _ENV_CONTEXT_

-

AAF Version: _ARTIFACT_VERSION_

-
-

Success for File Server Access

- - diff --git a/authz-fs/src/main/java/org/onap/aaf/authz/fs/FileServer.java b/authz-fs/src/main/java/org/onap/aaf/authz/fs/FileServer.java deleted file mode 100644 index 0a8547f3..00000000 --- a/authz-fs/src/main/java/org/onap/aaf/authz/fs/FileServer.java +++ /dev/null @@ -1,156 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.fs; - -import static org.onap.aaf.cssa.rserv.HttpMethods.GET; - -import java.io.IOException; -import java.io.InputStream; -import java.net.URL; -import java.util.ArrayList; -import java.util.EnumSet; -import java.util.List; -import java.util.Properties; - -import org.onap.aaf.authz.env.AuthzEnv; -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.env.AuthzTransOnlyFilter; -import org.onap.aaf.cssa.rserv.CachingFileAccess; -import org.onap.aaf.cssa.rserv.RServlet; - -import com.att.aft.dme2.api.DME2Manager; -import com.att.aft.dme2.api.DME2Server; -import com.att.aft.dme2.api.DME2ServerProperties; -import com.att.aft.dme2.api.DME2ServiceHolder; -import com.att.aft.dme2.api.util.DME2FilterHolder; -import com.att.aft.dme2.api.util.DME2FilterHolder.RequestDispatcherType; -import com.att.aft.dme2.api.util.DME2ServletHolder; -import org.onap.aaf.inno.env.APIException; - - -public class FileServer extends RServlet { - public FileServer(final AuthzEnv env) throws APIException, IOException { - try { - /////////////////////// - // File Server - /////////////////////// - - CachingFileAccess cfa = new CachingFileAccess(env); - route(env,GET,"/:key", cfa); - route(env,GET,"/:key/:cmd", cfa); - /////////////////////// - - - } catch (Exception e) { - e.printStackTrace(); - } - } - - public static void main(String[] args) { - try { - // Load Properties from authFramework.properties. Needed for DME2 and AuthzEnv - Properties props = new Properties(); - URL rsrc = ClassLoader.getSystemResource("FileServer.props"); - if(rsrc==null) { - System.err.println("Folder containing FileServer.props must be on Classpath"); - System.exit(1); - } - InputStream is = rsrc.openStream(); - try { - props.load(is); - } finally { - is.close(); - } - - // Load Properties into AuthzEnv - AuthzEnv env = new AuthzEnv(props); - env.setLog4JNames("log4j.properties","authz","fs","audit","init",null); - - // AFT Discovery Libraries only read System Props - env.loadToSystemPropsStartsWith("AFT_","DME2_"); - env.init().log("DME2 using " + env.getProperty("DMEServiceName","unknown") + " URI"); - - // Start DME2 (DME2 needs Properties form of props) - DME2Manager dme2 = new DME2Manager("RServDME2Manager",props); - - DME2ServiceHolder svcHolder; - List slist = new ArrayList(); - svcHolder = new DME2ServiceHolder(); - String serviceName = env.getProperty("DMEServiceName",null); - if(serviceName!=null) { - svcHolder.setServiceURI(serviceName); - svcHolder.setManager(dme2); - svcHolder.setContext("/"); - - FileServer fs = new FileServer(env); - DME2ServletHolder srvHolder = new DME2ServletHolder(fs); - srvHolder.setContextPath("/*"); - slist.add(srvHolder); - - EnumSet edlist = EnumSet.of( - RequestDispatcherType.REQUEST, - RequestDispatcherType.FORWARD, - RequestDispatcherType.ASYNC - ); - - /////////////////////// - // Apply Filters - /////////////////////// - List flist = new ArrayList(); - - // Need TransFilter - flist.add(new DME2FilterHolder(new AuthzTransOnlyFilter(env),"/*",edlist)); - svcHolder.setFilters(flist); - svcHolder.setServletHolders(slist); - - DME2Server dme2svr = dme2.getServer(); - DME2ServerProperties dsprops = dme2svr.getServerProperties(); - dsprops.setGracefulShutdownTimeMs(1000); - - env.init().log("Starting AAF FileServer with Jetty/DME2 server..."); - dme2svr.start(); - try { -// if(env.getProperty("NO_REGISTER",null)!=null) - dme2.bindService(svcHolder); - env.init().log("DME2 is available as HTTP"+(dsprops.isSslEnable()?"/S":""),"on port:",dsprops.getPort()); - - while(true) { // Per DME2 Examples... - Thread.sleep(5000); - } - } catch(InterruptedException e) { - env.init().log("AAF Jetty Server interrupted!"); - } catch(Exception e) { // Error binding service doesn't seem to stop DME2 or Process - env.init().log(e,"DME2 Initialization Error"); - dme2svr.stop(); - System.exit(1); - } - } else { - env.init().log("Properties must contain DMEServiceName"); - } - - } catch (Exception e) { - e.printStackTrace(System.err); - System.exit(1); - } - } -} diff --git a/authz-fs/src/test/java/org/onap/aaf/authz/fs/JU_FileServer.java b/authz-fs/src/test/java/org/onap/aaf/authz/fs/JU_FileServer.java deleted file mode 100644 index 88858e7b..00000000 --- a/authz-fs/src/test/java/org/onap/aaf/authz/fs/JU_FileServer.java +++ /dev/null @@ -1,83 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.fs; - -import static org.junit.Assert.*; -import static org.onap.aaf.cssa.rserv.HttpMethods.GET; - -import java.io.File; -import java.io.IOException; -import java.net.URL; -import java.util.Properties; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.InjectMocks; -import org.mockito.Matchers; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.runners.MockitoJUnitRunner; -import org.onap.aaf.authz.env.AuthzEnv; -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.fs.*; -import org.onap.aaf.cssa.rserv.CachingFileAccess; -import org.powermock.api.mockito.PowerMockito; -import org.powermock.modules.junit4.PowerMockRunner; - -import org.onap.aaf.inno.env.APIException; - -@RunWith(MockitoJUnitRunner.class) -public class JU_FileServer { - @Mock - AuthzEnv authzEnvMock; - AuthzEnv authzEnv = new AuthzEnv(); - - @Before - public void setUp() throws APIException, IOException{ - - } - - @SuppressWarnings("static-access") - @Test - public void testMain() throws Exception{ - - String[] args = null; - Properties props = new Properties(); - ClassLoader classLoader = getClass().getClassLoader(); - File file = new File(classLoader.getResource("FileServer.props").getFile()); - -//PowerMockito.whenNew(Something.class).withArguments(argument).thenReturn(mockSomething); - // env.setLog4JNames("log4j.properties","authz","fs","audit","init",null); - // PowerMockito.whenNew(AuthzEnv.class).withArguments(props).thenReturn(authzEnvMock); - // PowerMockito.doNothing().when(authzEnvMock.setLog4JNames(Matchers.anyString(), Matchers.anyString(), Matchers.anyString(), Matchers.anyString(), Matchers.anyString(), Matchers.anyString())); - // PowerMockito.when(new AuthzEnv(props)).thenReturn(authzEnvMock); - //PowerMockito.doNothing().when(authzEnv).setLog4JNames(Matchers.anyString(), Matchers.anyString(), Matchers.anyString(), Matchers.anyString(), Matchers.anyString(), Matchers.anyString()); - //PowerMockito.doNothing().when(authzEnvMock).setLog4JNames(" "," "," "," "," "," "); - - FileServer.main(args); - //assertTrue(true); - - } - -} diff --git a/authz-gui/pom.xml b/authz-gui/pom.xml deleted file mode 100644 index 215584f0..00000000 --- a/authz-gui/pom.xml +++ /dev/null @@ -1,277 +0,0 @@ - - - - - 4.0.0 - - com.att.authz - parent - 1.0.1-SNAPSHOT - ../pom.xml - - - authz-gui - Authz GUI (Mobile First) - GUI for Authz Management - https://github.com/att/AAF - - - - Jonathan Gathman - - ATT - - - - - - - true - 28 - UTF-8 - false - 1.0.0-SNAPSHOT - 1.0.0-SNAPSHOT - 1.0.0-SNAPSHOT - 3.1.200 - java - true - jacoco - ${project.build.directory}/surefire-reports - ${project.build.directory}/coverage-reports/jacoco.exec - ${project.build.directory}/coverage-reports/jacoco-it.exec - true - ${project.version} - https://nexus.onap.org - /content/repositories/snapshots/ - /content/repositories/releases/ - /content/repositories/staging/ - /content/sites/site/org/onap/aaf/authz/${project.artifactId}/${project.version} - - - - - - com.att.authz - authz-core - ${project.version} - - - javax.servlet - servlet-api - - - - - - com.att.authz - authz-client - ${project.version} - - - - - - - com.att.authz - authz-cmd - ${project.version} - - - org.slf4j - slf4j-log4j12 - - - log4j - log4j - - - - - - org.onap.aaf.cadi - cadi-aaf - ${project.cadiVersion} - - - - org.onap.aaf.cadi - cadi-tguard - ${project.cadiVersion} - - - - org.onap.aaf.cadi - cadi-client - ${project.cadiVersion} - - - - gso - GLCookieDecryption - - - - org.onap.aaf.inno - xgen - ${project.innoVersion} - - - - - - - - org.apache.maven.plugins - maven-jar-plugin - - - **/*.class - - - 2.3.1 - - - - maven-assembly-plugin - - - swm - package - - single - - - authz-gui-${project.version}.${project.swmVersion} - - - ../authz-service/src/main/assemble/swm.xml - - - - - - - - - - - org.apache.maven.plugins - maven-javadoc-plugin - 2.10.4 - - false - - - - attach-javadocs - - jar - - - - - - - - org.apache.maven.plugins - maven-source-plugin - 2.2.1 - - - attach-sources - - jar-no-fork - - - - - - - org.sonatype.plugins - nexus-staging-maven-plugin - 1.6.7 - true - - ${nexusproxy} - 176c31dfe190a - ecomp-staging - - - - org.jacoco - jacoco-maven-plugin - 0.7.7.201606060606 - - true - - org.onap.aaf.* - - - - - pre-unit-test - - prepare-agent - - - ${project.build.directory}/coverage-reports/jacoco.exec - - - - - pre-integration-test - pre-integration-test - - prepare-agent - - - ${project.build.directory}/coverage-reports/jacoco-it.exec - - - - - - merge - - post-integration-test - - - - ${project.build.directory}/coverage-reports - - *.exec - - - - ${project.build.directory}/jacoco-dev.exec - - - - - - - - - - ecomp-releases - AAF Release Repository - ${nexusproxy}${releaseNexusPath} - - - ecomp-snapshots - AAF Snapshot Repository - ${nexusproxy}${snapshotNexusPath} - - - ecomp-site - dav:${nexusproxy}${sitePath} - - - diff --git a/authz-gui/src/main/config/authGUI.props b/authz-gui/src/main/config/authGUI.props deleted file mode 100644 index d90e4406..00000000 --- a/authz-gui/src/main/config/authGUI.props +++ /dev/null @@ -1,34 +0,0 @@ -## -## AUTHZ GUI (authz-gui) Properties -## - -hostname=_HOSTNAME_ - -## DISCOVERY (DME2) Parameters on the Command Line -AFT_LATITUDE=_AFT_LATITUDE_ -AFT_LONGITUDE=_AFT_LONGITUDE_ -AFT_ENVIRONMENT=_AFT_ENVIRONMENT_ -DEPLOYED_VERSION=_ARTIFACT_VERSION_ - -## Pull in common/security properties - -cadi_prop_files=_COMMON_DIR_/com.att.aaf.common.props;_COMMON_DIR_/com.att.aaf.props - -##DME2 related parameters -DMEServiceName=service=com.att.authz.authz-gui/version=_MAJOR_VER_._MINOR_VER_._PATCH_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_ -AFT_DME2_PORT_RANGE=_AUTHZ_GUI_PORT_RANGE_ - -# Turn on both AAF TAF & LUR 2.0 -aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=_MAJOR_VER_._MINOR_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_ - -## URLs -aaf_url.gui_onboard=https://wiki.web.att.com/display/aaf/OnBoarding -aaf_url.aaf_help=http://wiki.web.att.com/display/aaf -aaf_url.cadi_help=http://wiki.web.att.com/display/cadi -aaf_tools=swm,scamper,dme2,soacloud -aaf_url.tool.swm=http://wiki.web.att.com/display/swm -aaf_url.tool.scamper=https://wiki.web.att.com/display/scamper/Home -aaf_url.tool.soacloud=https://wiki.web.att.com/display/soacloud/SOA+Cloud+Management+Platform -aaf_url.tool.dme2=https://wiki.web.att.com/display/soacloud/User+Guide+-+DME2 - - diff --git a/authz-gui/src/main/config/log4j.properties b/authz-gui/src/main/config/log4j.properties deleted file mode 100644 index e1c9db74..00000000 --- a/authz-gui/src/main/config/log4j.properties +++ /dev/null @@ -1,57 +0,0 @@ -############################################################################### -# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. -############################################################################### -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# -log4j.appender.INIT=org.apache.log4j.DailyRollingFileAppender -log4j.appender.INIT.File=_LOG_DIR_/${LOG4J_FILENAME_init} -log4j.appender.INIT.DatePattern='.'yyyy-MM-dd -#log4j.appender.INIT.MaxFileSize=_MAX_LOG_FILE_SIZE_ -#log4j.appender.INIT.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_ -log4j.appender.INIT.layout=org.apache.log4j.PatternLayout -log4j.appender.INIT.layout.ConversionPattern=%d %p [%c] %m %n - -log4j.appender.GUI=org.apache.log4j.DailyRollingFileAppender -log4j.appender.GUI.File=_LOG_DIR_/${LOG4J_FILENAME_gui} -log4j.appender.GUI.DatePattern='.'yyyy-MM-dd -#log4j.appender.GUI.MaxFileSize=_MAX_LOG_FILE_SIZE_ -#log4j.appender.GUI.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_ -log4j.appender.GUI.layout=org.apache.log4j.PatternLayout -log4j.appender.GUI.layout.ConversionPattern=%d %p [%c] %m %n - -log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender -log4j.appender.AUDIT.File=_LOG_DIR_/${LOG4J_FILENAME_audit} -log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd -#log4j.appender.GUI.MaxFileSize=_MAX_LOG_FILE_SIZE_ -#log4j.appender.GUI.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_ -log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout -log4j.appender.AUDIT.layout.ConversionPattern=%d %p [%c] %m %n - -log4j.appender.stdout=org.apache.log4j.ConsoleAppender -log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] %m %n - -# General Apache libraries -log4j.rootLogger=WARN -log4j.logger.org.apache=WARN,INIT -log4j.logger.dme2=WARN,INIT -log4j.logger.init=INFO,INIT -log4j.logger.gui=_LOG4J_LEVEL_,GUI -log4j.logger.audit=INFO,AUDIT - diff --git a/authz-gui/src/main/config/lrm-authz-gui.xml b/authz-gui/src/main/config/lrm-authz-gui.xml deleted file mode 100644 index f9a45e94..00000000 --- a/authz-gui/src/main/config/lrm-authz-gui.xml +++ /dev/null @@ -1,64 +0,0 @@ - - - - - - - com.att.authz._ARTIFACT_ID_ - - _MAJOR_VER_ - _MINOR_VER_ - _PATCH_VER_ - - _ROUTE_OFFER_ - - Java - com.att.authz.gui.AuthGUI - - process.workdir - _ROOT_DIR_ - - - jvm.version - 1.8 - - - jvm.args - -DAFT_LATITUDE=_AFT_LATITUDE_ -DAFT_LONGITUDE=_AFT_LONGITUDE_ -DAFT_ENVIRONMENT=_AFT_ENVIRONMENT_ -Dplatform=_SCLD_PLATFORM_ -Dcom.sun.jndi.ldap.connect.pool.maxsize=20 -Dcom.sun.jndi.ldap.connect.pool.prefsize=10 -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 - - - jvm.classpath - _ROOT_DIR_/etc:_ROOT_DIR_/lib/*: - - - jvm.heap.min - 512m - - - jvm.heap.max - 2048m - - - start.class - com.att.authz.gui.AuthGUI - - - stdout.redirect - _ROOT_DIR_/logs/SystemOut.log - - - stderr.redirect - _ROOT_DIR_/logs/SystemErr.log - - aft - AUTO - 3 - _RESOURCE_MIN_COUNT_ - _RESOURCE_MAX_COUNT_ - _RESOURCE_REGISTRATION_ - com.att.authz:_ARTIFACT_ID_ - _ARTIFACT_VERSION_ - - diff --git a/authz-gui/src/main/java/com/att/authz/cui/CUI.java b/authz-gui/src/main/java/com/att/authz/cui/CUI.java deleted file mode 100644 index b5e2b9f3..00000000 --- a/authz-gui/src/main/java/com/att/authz/cui/CUI.java +++ /dev/null @@ -1,65 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.cui; - -import java.io.PrintWriter; -import java.security.Principal; - -import javax.servlet.ServletInputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import org.onap.aaf.cadi.config.Config; -import org.onap.aaf.cadi.http.HTransferSS; -import com.att.cmd.AAFcli; -import com.att.cssa.rserv.HttpCode; - -public class CUI extends HttpCode { - private final AuthGUI gui; - public CUI(AuthGUI gui) { - super(null,"Command Line"); - this.gui = gui; - } - - @Override - public void handle(AuthzTrans trans, HttpServletRequest req,HttpServletResponse resp) throws Exception { - ServletInputStream isr = req.getInputStream(); - PrintWriter pw = resp.getWriter(); - int c; - StringBuilder cmd = new StringBuilder(); - - while((c=isr.read())>=0) { - cmd.append((char)c); - } - - Principal p = trans.getUserPrincipal(); - trans.env().setProperty(Config.AAF_DEFAULT_REALM, trans.env().getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm())); - AAFcli aafcli = new AAFcli(trans.env(), pw, - gui.aafCon.hman(), - gui.aafCon.securityInfo(), new HTransferSS(p,AuthGUI.app, - gui.aafCon.securityInfo())); - - aafcli.verbose(false); - aafcli.gui(true); - String cmdStr = cmd.toString(); - if (!cmdStr.contains("--help")) { - cmdStr = cmdStr.replaceAll("help", "--help"); - } - if (!cmdStr.contains("--version")) { - cmdStr = cmdStr.replaceAll("version", "--version"); - } - try { - aafcli.eval(cmdStr); - pw.flush(); - } catch (Exception e) { - pw.flush(); - pw.println(e.getMessage()); - } finally { - aafcli.close(); - } - - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/AuthGUI.java b/authz-gui/src/main/java/com/att/authz/gui/AuthGUI.java deleted file mode 100644 index 470834ed..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/AuthGUI.java +++ /dev/null @@ -1,319 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui; - -import static com.att.cssa.rserv.HttpMethods.GET; -import static com.att.cssa.rserv.HttpMethods.POST; -import static com.att.cssa.rserv.HttpMethods.PUT; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.util.ArrayList; -import java.util.EnumSet; -import java.util.List; -import java.util.Properties; - -import com.att.aft.dme2.api.DME2Exception; -import com.att.aft.dme2.api.DME2Manager; -import com.att.aft.dme2.api.DME2Server; -import com.att.aft.dme2.api.DME2ServerProperties; -import com.att.aft.dme2.api.DME2ServiceHolder; -import com.att.aft.dme2.api.util.DME2FilterHolder; -import com.att.aft.dme2.api.util.DME2FilterHolder.RequestDispatcherType; -import com.att.aft.dme2.api.util.DME2ServletHolder; -import com.att.authz.common.Define; -import com.att.authz.cui.CUI; -import com.att.authz.env.AuthzEnv; -import com.att.authz.env.AuthzTrans; -import com.att.authz.env.AuthzTransFilter; -import com.att.authz.env.AuthzTransOnlyFilter; -import com.att.authz.gui.pages.ApiDocs; -import com.att.authz.gui.pages.ApiExample; -import com.att.authz.gui.pages.ApprovalAction; -import com.att.authz.gui.pages.ApprovalForm; -import com.att.authz.gui.pages.Home; -import com.att.authz.gui.pages.LoginLanding; -import com.att.authz.gui.pages.LoginLandingAction; -import com.att.authz.gui.pages.NsDetail; -import com.att.authz.gui.pages.NsHistory; -import com.att.authz.gui.pages.NsInfoAction; -import com.att.authz.gui.pages.NsInfoForm; -import com.att.authz.gui.pages.NssShow; -import com.att.authz.gui.pages.PassChangeAction; -import com.att.authz.gui.pages.PassChangeForm; -import com.att.authz.gui.pages.PendingRequestsShow; -import com.att.authz.gui.pages.PermDetail; -import com.att.authz.gui.pages.PermGrantAction; -import com.att.authz.gui.pages.PermGrantForm; -import com.att.authz.gui.pages.PermHistory; -import com.att.authz.gui.pages.PermsShow; -import com.att.authz.gui.pages.RequestDetail; -import com.att.authz.gui.pages.RoleDetail; -import com.att.authz.gui.pages.RoleHistory; -import com.att.authz.gui.pages.RolesShow; -import com.att.authz.gui.pages.UserRoleExtend; -import com.att.authz.gui.pages.UserRoleRemove; -import com.att.authz.gui.pages.WebCommand; -import com.att.authz.org.OrganizationFactory; -import com.att.authz.server.AbsServer; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.aaf.v2_0.AAFTrustChecker; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.config.Config; -import com.att.cssa.rserv.CachingFileAccess; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.rosetta.env.RosettaDF; -import com.att.xgen.html.HTMLGen; -import com.att.xgen.html.State; - -import aaf.v2_0.Api; -import aaf.v2_0.Approvals; -import aaf.v2_0.CredRequest; -import aaf.v2_0.Error; -import aaf.v2_0.History; -import aaf.v2_0.Nss; -import aaf.v2_0.Perms; -import aaf.v2_0.RolePermRequest; -import aaf.v2_0.Roles; -import aaf.v2_0.UserRoles; -import aaf.v2_0.Users; - -public class AuthGUI extends AbsServer implements State{ - public static final int TIMEOUT = 60000; - public static final String app = "AAF GUI"; - - public RosettaDF permsDF; - public RosettaDF rolesDF; - public RosettaDF usersDF; - public RosettaDF userrolesDF; - public RosettaDF credReqDF; - public RosettaDF rolePermReqDF; - public RosettaDF approvalsDF; - public RosettaDF nssDF; - public RosettaDF apiDF; - public RosettaDF errDF; - public RosettaDF historyDF; - - public final AuthzEnv env; - public final Slot slot_httpServletRequest; - - public AuthGUI(final AuthzEnv env) throws CadiException, GeneralSecurityException, IOException, APIException { - super(env,app); - this.env = env; - - env.setLog4JNames("log4j.properties","authz","gui","audit","init","trace "); - OrganizationFactory.setDefaultOrg(env, "com.att.authz.org.att.ATT"); - - - slot_httpServletRequest = env.slot("HTTP_SERVLET_REQUEST"); - - permsDF = env.newDataFactory(Perms.class); - rolesDF = env.newDataFactory(Roles.class); -// credsDF = env.newDataFactory(Cred.class); - usersDF = env.newDataFactory(Users.class); - userrolesDF = env.newDataFactory(UserRoles.class); - credReqDF = env.newDataFactory(CredRequest.class); - rolePermReqDF = env.newDataFactory(RolePermRequest.class); - approvalsDF = env.newDataFactory(Approvals.class); - nssDF = env.newDataFactory(Nss.class); - apiDF = env.newDataFactory(Api.class); - errDF = env.newDataFactory(Error.class); - historyDF = env.newDataFactory(History.class); - - ///////////////////////// - // Screens - ///////////////////////// - // Start Screen - final Page start = new Display(this, GET, new Home(this)).page(); - - // MyPerms Screens - final Page myPerms = new Display(this, GET, new PermsShow(this, start)).page(); - Page permDetail = new Display(this, GET, new PermDetail(this, start, myPerms)).page(); - new Display(this, GET, new PermHistory(this,start,myPerms,permDetail)); - - // MyRoles Screens - final Page myRoles = new Display(this, GET, new RolesShow(this, start)).page(); - Page roleDetail = new Display(this, GET, new RoleDetail(this, start, myRoles)).page(); - new Display(this, GET, new RoleHistory(this,start,myRoles,roleDetail)); - - // MyNameSpace - final Page myNamespaces = new Display(this, GET, new NssShow(this, start)).page(); - Page nsDetail = new Display(this, GET, new NsDetail(this, start, myNamespaces)).page(); - new Display(this, GET, new NsHistory(this, start,myNamespaces,nsDetail)); - - // Password Change Screens - final Page pwc = new Display(this, GET, new PassChangeForm(this, start)).page(); - new Display(this, POST, new PassChangeAction(this, start, pwc)); - - // Validation Change Screens - final Page validate = new Display(this, GET, new ApprovalForm(this, start)).page(); - new Display(this, POST, new ApprovalAction(this, start, validate)); - - // Onboard, Detailed Edit Screens - final Page onb = new Display(this, GET, new NsInfoForm(this, start)).page(); - new Display(this, POST, new NsInfoAction(this, start, onb)); - - // Web Command Screens - /* final Page webCommand =*/ new Display(this, GET, new WebCommand(this, start)).page(); - - // API Docs - final Page apidocs = new Display(this, GET, new ApiDocs(this, start)).page(); - new Display(this, GET, new ApiExample(this,start, apidocs)).page(); - - // Permission Grant Page - final Page permGrant = new Display(this, GET, new PermGrantForm(this, start)).page(); - new Display(this, POST, new PermGrantAction(this, start, permGrant)).page(); - - // Login Landing if no credentials detected - final Page loginLanding = new Display(this, GET, new LoginLanding(this, start)).page(); - new Display(this, POST, new LoginLandingAction(this, start, loginLanding)); - - // User Role Request Extend and Remove - new Display(this, GET, new UserRoleExtend(this, start,myRoles)).page(); - new Display(this, GET, new UserRoleRemove(this, start,myRoles)).page(); - - // See my Pending Requests - final Page requestsShow = new Display(this, GET, new PendingRequestsShow(this, start)).page(); - new Display(this, GET, new RequestDetail(this, start, requestsShow)); - - // Command line Mechanism - route(env, PUT, "/gui/cui", new CUI(this),"text/plain;charset=utf-8","*/*"); - - /////////////////////// - // WebContent Handler - /////////////////////// - route(env,GET,"/theme/:key", new CachingFileAccess(env, - CachingFileAccess.CFA_WEB_DIR,"theme")); - /////////////////////// - } - - public static void main(String[] args) { - setup(AuthGUI.class, "authGUI.props"); - } - - /** - * Start up AuthzAPI as DME2 Service - * @param env - * @param props - * @throws DME2Exception - * @throws CadiException - */ - public void startDME2(Properties props) throws DME2Exception, CadiException { - - DME2Manager dme2 = new DME2Manager("AAF GUI DME2Manager", props); - DME2ServiceHolder svcHolder; - List slist = new ArrayList(); - svcHolder = new DME2ServiceHolder(); - String serviceName = env.getProperty("DMEServiceName",null); - if(serviceName!=null) { - svcHolder.setServiceURI(serviceName); - svcHolder.setManager(dme2); - svcHolder.setContext("/"); - - - DME2ServletHolder srvHolder = new DME2ServletHolder(this, new String[]{"/gui"}); - srvHolder.setContextPath("/*"); - slist.add(srvHolder); - - EnumSet edlist = EnumSet.of( - RequestDispatcherType.REQUEST, - RequestDispatcherType.FORWARD, - RequestDispatcherType.ASYNC - ); - - /////////////////////// - // Apply Filters - /////////////////////// - List flist = new ArrayList(); - - // Secure all GUI interactions with AuthzTransFilter - flist.add(new DME2FilterHolder(new AuthzTransFilter(env, aafCon, new AAFTrustChecker( - env.getProperty(Config.CADI_TRUST_PROP, Config.CADI_USER_CHAIN), - Define.ROOT_NS + ".mechid|"+Define.ROOT_COMPANY+"|trust" - )),"/gui/*", edlist)); - - // Don't need security for display Artifacts or login page - AuthzTransOnlyFilter atof; - flist.add(new DME2FilterHolder(atof =new AuthzTransOnlyFilter(env),"/theme/*", edlist)); - flist.add(new DME2FilterHolder(atof,"/js/*", edlist)); - flist.add(new DME2FilterHolder(atof,"/login/*", edlist)); - - svcHolder.setFilters(flist); - svcHolder.setServletHolders(slist); - - DME2Server dme2svr = dme2.getServer(); -// dme2svr.setGracefulShutdownTimeMs(1000); - - env.init().log("Starting AAF GUI with Jetty/DME2 server..."); - dme2svr.start(); - DME2ServerProperties dsprops = dme2svr.getServerProperties(); - try { -// if(env.getProperty("NO_REGISTER",null)!=null) - dme2.bindService(svcHolder); - env.init().log("DME2 is available as HTTP"+(dsprops.isSslEnable()?"/S":""),"on port:",dsprops.getPort()); - - while(true) { // Per DME2 Examples... - Thread.sleep(5000); - } - } catch(InterruptedException e) { - env.init().log("AAF Jetty Server interrupted!"); - } catch(Exception e) { // Error binding service doesn't seem to stop DME2 or Process - env.init().log(e,"DME2 Initialization Error"); - dme2svr.stop(); - System.exit(1); - } - } else { - env.init().log("Properties must contain DMEServiceName"); - } - } - - - public AuthzEnv env() { - return env; - } - - /** - * Derive API Error Class from AAF Response (future) - */ - public Error getError(AuthzTrans trans, Future fp) { -// try { - String text = fp.body(); - Error err = new Error(); - err.setMessageId(Integer.toString(fp.code())); - if(text==null || text.length()==0) { - err.setText("**No Message**"); - } else { - err.setText(fp.body()); - } - return err; -// } catch (APIException e) { -// Error err = new Error(); -// err.setMessageId(Integer.toString(fp.code())); -// err.setText("Could not obtain response from AAF Message: " + e.getMessage()); -// return err; -// } - } - - public void writeError(AuthzTrans trans, Future fp, HTMLGen hgen) { - Error err = getError(trans,fp); - - String messageBody = err.getText(); - List vars = err.getVariables(); - for (int varCounter=0;varCounter= 0) { - messageBody = messageBody.replace("%" + varCounter, var); - } - } - - String msg = "[" + err.getMessageId() + "] " + messageBody; - if(hgen!=null) { - hgen.text(msg); - } - trans.checkpoint("AAF Error: " + msg); - } - -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/BreadCrumbs.java b/authz-gui/src/main/java/com/att/authz/gui/BreadCrumbs.java deleted file mode 100644 index ffcc3f29..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/BreadCrumbs.java +++ /dev/null @@ -1,37 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui; - -import static com.att.xgen.html.HTMLGen.A; -import static com.att.xgen.html.HTMLGen.LI; -import static com.att.xgen.html.HTMLGen.UL; - -import java.io.IOException; - -import org.onap.aaf.inno.env.APIException; -import com.att.xgen.Cache; -import com.att.xgen.Mark; -import com.att.xgen.html.HTMLGen; - -public class BreadCrumbs extends NamedCode { - private Page[] breadcrumbs; - - public BreadCrumbs(Page ... pages) { - super(false,"breadcrumbs"); - breadcrumbs = pages; - } - - @Override - public void code(Cache cache, HTMLGen hgen) throws APIException, IOException { - // BreadCrumbs - Mark mark = new Mark(); - hgen.incr(mark, UL); - for(Page p : breadcrumbs) { - hgen.incr(LI,true) - .leaf(A,"href="+p.url()).text(p.name()) - .end(2); - } - hgen.end(mark); - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/Controls.java b/authz-gui/src/main/java/com/att/authz/gui/Controls.java deleted file mode 100644 index e87075e5..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/Controls.java +++ /dev/null @@ -1,27 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui; - -import java.io.IOException; - -import org.onap.aaf.inno.env.APIException; -import com.att.xgen.Cache; -import com.att.xgen.html.HTMLGen; - -public class Controls extends NamedCode { - public Controls() { - super(false,"controls"); - } - - @Override - public void code(Cache cache, HTMLGen hgen) throws APIException, IOException { - hgen.incr("form","method=post") - .incr("input", true, "type=checkbox", "name=vehicle", "value=Bike").text("I have a bike").end() - .text("Password: ") - .incr("input", true, "type=password", "id=password1").end() - .tagOnly("input", "type=submit", "value=Submit") - .end(); - } - -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/Display.java b/authz-gui/src/main/java/com/att/authz/gui/Display.java deleted file mode 100644 index a3e6a64f..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/Display.java +++ /dev/null @@ -1,122 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui; - -import java.util.Enumeration; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.att.authz.env.AuthzTrans; -import com.att.cssa.rserv.HttpCode; -import com.att.cssa.rserv.HttpMethods; -import org.onap.aaf.inno.env.Slot; - -public class Display { - private final Page get; - public Display(final AuthGUI gui, final HttpMethods meth, final Page page) { - get = page; - final String[] fields = page.fields(); - final Slot slots[] = new Slot[fields.length]; - String prefix = page.name() + '.'; - for(int i=0;i(gui,page.name()) { - @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - trans.put(gui.slot_httpServletRequest, req); - for(int i=0; i names = req.getParameterNames(); names.hasMoreElements();) { - String key = names.nextElement(); - if(key.subSequence(0, idx).equals(field)) { - try { - int x = Integer.parseInt(key.substring(field.length())); - if(x>=array.length) { - String[] temp = new String[x+10]; - System.arraycopy(temp, 0, temp, 0, array.length); - array = temp; - } - array[x]=req.getParameter(key); - } catch (NumberFormatException e) { - trans.debug().log(e); - } - } - } - trans.put(slots[i], array); - } - } - page.replay(context,trans,resp.getOutputStream(),"general"); - } - }, "application/x-www-form-urlencoded","*/*"); - - } else { - // Transfer whether Page shouldn't be cached to local Final var. - final boolean no_cache = page.no_cache; - - gui.route(gui.env, meth, page.url(), - new HttpCode(gui,page.name()) { - @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - trans.put(gui.slot_httpServletRequest, req); - for(int i=0; i mm = req.getParameterNames();mm.hasMoreElements();) { - String key = mm.nextElement(); - if(key.startsWith(field)) { - try { - int x = Integer.parseInt(key.substring(field.length())); - if(x>=array.length) { - String[] temp = new String[x+10]; - System.arraycopy(temp, 0, temp, 0, array.length); - array = temp; - } - array[x]=req.getParameter(key); - } catch (NumberFormatException e) { - trans.debug().log(e); - } - } - } - trans.put(slots[i], array); - } - } - page.replay(context,trans,resp.getOutputStream(),"general"); - } - - @Override - public boolean no_cache() { - return no_cache; - } - }, "text/html","*/*"); - } - - } - - public Page page() { - return get; - } -} \ No newline at end of file diff --git a/authz-gui/src/main/java/com/att/authz/gui/Form.java b/authz-gui/src/main/java/com/att/authz/gui/Form.java deleted file mode 100644 index 52f56990..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/Form.java +++ /dev/null @@ -1,51 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui; - -import java.io.IOException; - -import org.onap.aaf.inno.env.APIException; -import com.att.xgen.Cache; -import com.att.xgen.html.HTMLGen; - -public class Form extends NamedCode { - private String preamble; - private NamedCode content; - - public Form(boolean no_cache, NamedCode content) { - super(no_cache,content.idattrs()); - this.content = content; - preamble=null; - idattrs = content.idattrs(); - } - - public Form preamble(String preamble) { - this.preamble = preamble; - return this; - } - - - @Override - public void code(Cache cache, HTMLGen hgen) throws APIException, IOException { - if(preamble!=null) { - hgen.incr("p","class=preamble").text(preamble).end(); - } - hgen.incr("form","method=post"); - - content.code(cache, hgen); - - hgen.tagOnly("input", "type=submit", "value=Submit") - .tagOnly("input", "type=reset", "value=Reset") - .end(); - } - - /* (non-Javadoc) - * @see com.att.authz.gui.NamedCode#idattrs() - */ - @Override - public String[] idattrs() { - return content.idattrs(); - } - -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/NamedCode.java b/authz-gui/src/main/java/com/att/authz/gui/NamedCode.java deleted file mode 100644 index 90e11707..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/NamedCode.java +++ /dev/null @@ -1,31 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui; - -import com.att.xgen.Code; -import com.att.xgen.html.HTMLGen; - - - -public abstract class NamedCode implements Code { - public final boolean no_cache; - protected String[] idattrs; - - /* - * Mark whether this code should not be cached, and any attributes - */ - public NamedCode(final boolean no_cache, String ... idattrs) { - this.idattrs = idattrs; - this.no_cache = no_cache; - } - - /** - * Return ID and Any Attributes needed to create a "div" section of this code - * @return - */ - public String[] idattrs() { - return idattrs; - } - -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/Page.java b/authz-gui/src/main/java/com/att/authz/gui/Page.java deleted file mode 100644 index a8c48e69..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/Page.java +++ /dev/null @@ -1,292 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui; - -import static com.att.xgen.html.HTMLGen.A; -import static com.att.xgen.html.HTMLGen.H1; -import static com.att.xgen.html.HTMLGen.LI; -import static com.att.xgen.html.HTMLGen.TITLE; -import static com.att.xgen.html.HTMLGen.UL; - -import java.io.IOException; -import java.security.Principal; - -import com.att.authz.env.AuthzEnv; -import com.att.authz.env.AuthzTrans; -import org.onap.aaf.cadi.config.Config; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.util.Split; -import com.att.xgen.Cache; -import com.att.xgen.CacheGen; -import com.att.xgen.Code; -import com.att.xgen.DynamicCode; -import com.att.xgen.Mark; -import com.att.xgen.html.HTMLCacheGen; -import com.att.xgen.html.HTMLGen; -import com.att.xgen.html.Imports; - -/** - * A Base "Mobile First" Page - * - * - */ -public class Page extends HTMLCacheGen { - public static enum BROWSER {iPhone,html5,ie,ieOld}; - - public static final int MAX_LINE=20; - - protected static final String[] NO_FIELDS = new String[0]; - - private static final String ENV_CONTEXT = "envContext"; - private static final String DME_SERVICE_NAME = "DMEServiceName"; - private static final String ROUTE_OFFER = "routeOffer"; - private static final String BROWSER_TYPE = "BROWSER_TYPE"; - - private final String bcName, bcUrl; - private final String[] fields; - - public final boolean no_cache; - - public String name() { - return bcName; - } - - public String url() { - return bcUrl; - } - - public String[] fields() { - return fields; - } - - public Page(AuthzEnv env, String name, String url, String [] fields, final NamedCode ... content) throws APIException,IOException { - this(env,name,url,1,fields,content); - } - - public Page(AuthzEnv env, String name, String url, int backdots, String [] fields, final NamedCode ... content) throws APIException,IOException { - super(CacheGen.PRETTY, new PageCode(env, backdots, content)); - bcName = name; - bcUrl = url; - this.fields = fields; - // Mark which fields must be "no_cache" - boolean no_cacheTemp=false; - for(NamedCode nc : content) { - if(nc.no_cache) { - no_cacheTemp=true; - break; - } - } - no_cache=no_cacheTemp; - } - - private static class PageCode implements Code { - private final NamedCode[] content; - private final Slot browserSlot; - private final int backdots; - protected AuthzEnv env; - - public PageCode(AuthzEnv env, int backdots, final NamedCode[] content) { - this.content = content; - this.backdots = backdots; - browserSlot = env.slot(BROWSER_TYPE); - this.env = env; - } - - @Override - public void code(Cache cache, HTMLGen hgen) throws APIException, IOException { - // Note: I found that App Storage saves everything about the page, or not. Thus, if you declare the page uncacheable, none of the - // Artifacts, like JPGs are stored, which makes this feature useless for Server driven elements - //hgen.html("manifest=../theme/aaf.appcache"); - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(AuthGUI state, AuthzTrans trans, Cache cache, HTMLGen hgen) throws APIException, IOException { - switch(browser(trans,browserSlot)) { - case ieOld: - case ie: - hgen.directive("!DOCTYPE html"); - hgen.directive("meta", "http-equiv=X-UA-Compatible","content=IE=11"); - default: - } - } - }); - hgen.html(); - Mark head = hgen.head(); - hgen.leaf(TITLE).text("AT&T Authentication/Authorization Tool").end(); - hgen.imports(new Imports(backdots).css("theme/aaf5.css") - .js("theme/comm.js") - .js("theme/console.js") - .js("theme/common.js")); - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(AuthGUI state, AuthzTrans trans, Cache cache, HTMLGen hgen) throws APIException, IOException { - switch(browser(trans,browserSlot)) { - case iPhone: - hgen.imports(new Imports(backdots).css("theme/aaf5iPhone.css")); - break; - case ie: - case ieOld: - hgen.js().text("document.createElement('header');") - .text("document.createElement('nav');") - .done(); - case html5: - hgen.imports(new Imports(backdots).css("theme/aaf5Desktop.css")); - break; - } - } - }); - hgen.end(head); - - Mark body = hgen.body(); - Mark header = hgen.header(); - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(AuthGUI state, AuthzTrans trans,Cache cache, HTMLGen xgen) - throws APIException, IOException { - // Obtain Server Info, and print - String DMEServiceName = trans.getProperty(DME_SERVICE_NAME); - String env = DMEServiceName.substring( - DMEServiceName.indexOf(ENV_CONTEXT), - DMEServiceName.indexOf(ROUTE_OFFER) -1).split("=")[1]; - - xgen.leaf(H1).text("AT&T Auth Tool on " + env).end(); - xgen.leaf("p","id=version").text("AAF Version: " + trans.getProperty(Config.AAF_DEPLOYED_VERSION, "N/A")).end(); - - // Obtain User Info, and print - Principal p = trans.getUserPrincipal(); - String user; - if(p==null) { - user = "please choose a Login Authority"; - } else { - user = p.getName(); - } - xgen.leaf("p","id=welcome").text("Welcome, " + user).end(); - - switch(browser(trans,browserSlot)) { - case ieOld: - case ie: - xgen.incr("h5").text("This app is Mobile First HTML5. Internet Explorer " - + " does not support all HTML5 standards. Old, non TSS-Standard versions may not function correctly.").br() - .text(" For best results, use a highly compliant HTML5 browser like Firefox.") - .end(); - break; - default: - } - } - }); - - hgen.hr(); - - int cIdx; - NamedCode nc; - // If BreadCrumbs, put here - if(content.length>0 && content[0] instanceof BreadCrumbs) { - nc = content[0]; - Mark ctnt = hgen.divID(nc.idattrs()); - nc.code(cache, hgen); - hgen.end(ctnt); - cIdx = 1; - } else { - cIdx = 0; - } - - hgen.end(header); - - Mark inner = hgen.divID("inner"); - // Content - for(int i=cIdx;i=0 - * - * Use int found in "ieVersion" - * - * Official IE 7 - * Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; - * .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) - * Official IE 8 - * Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; - * .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ATT) - * - * IE 11 Compatibility - * Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; - * .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E; InfoPath.3; HVD; ATT) - * - * IE 11 (not Compatiblity) - * Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; - * .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E; InfoPath.3; HVD; ATT) - * - * @param trans - * @return - */ - public static BROWSER browser(AuthzTrans trans, Slot slot) { - BROWSER br = trans.get(slot, null); - if(br==null) { - String agent = trans.agent(); - int msie; - if(agent.contains("iPhone") /* other phones? */) { - br=BROWSER.iPhone; - } else if ((msie = agent.indexOf("MSIE"))>=0) { - msie+=5; - int end = agent.indexOf(";",msie); - float ver; - try { - ver = Float.valueOf(agent.substring(msie,end)); - br = ver<8f?BROWSER.ieOld:BROWSER.ie; - } catch (Exception e) { - br = BROWSER.ie; - } - } else { - br = BROWSER.html5; - } - trans.put(slot,br); - } - return br; - } -} - diff --git a/authz-gui/src/main/java/com/att/authz/gui/Table.java b/authz-gui/src/main/java/com/att/authz/gui/Table.java deleted file mode 100644 index f15d4beb..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/Table.java +++ /dev/null @@ -1,149 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui; - -import static com.att.xgen.html.HTMLGen.TABLE; -import static com.att.xgen.html.HTMLGen.TD; -import static com.att.xgen.html.HTMLGen.TR; - -import java.io.IOException; -import java.util.ArrayList; - -import com.att.authz.gui.table.AbsCell; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.Trans; -import org.onap.aaf.inno.env.TransStore; -import com.att.xgen.Cache; -import com.att.xgen.DynamicCode; -import com.att.xgen.Mark; -import com.att.xgen.html.HTMLGen; -import com.att.xgen.html.State; - -public class Table, TRANS extends TransStore> extends NamedCode { - private final Slot ROW_MSG_SLOT, EMPTY_TABLE_SLOT; - private final String title; - private final String[] columns; - private final Rows rows; - - public Table(String title, TRANS trans, Data data, String ... attrs) { - super(true,attrs); - ROW_MSG_SLOT=trans.slot("TABLE_ROW_MSG"); - EMPTY_TABLE_SLOT=trans.slot("TABLE_EMPTY"); - this.columns = data.headers(); - boolean alt = false; - for(String s : attrs) { - if("class=std".equals(s) || "class=stdform".equals(s)) { - alt=true; - } - } - rows = new Rows(data,alt?1:0); - this.title = title; - - // Derive an ID from title (from no spaces, etc), and prepend to IDAttributes (Protected from NamedCode) - idattrs = new String[attrs.length+1]; - idattrs[0] = title.replaceAll("\\s",""); - System.arraycopy(attrs, 0, idattrs, 1, attrs.length); - } - - @Override - public void code(Cache cache, HTMLGen hgen) throws APIException, IOException { - Mark table = new Mark(); - Mark tr = new Mark(); - hgen.incr(table,TABLE) - .leaf("caption", "class=title").text(title).end() - .incr(tr,TR); - for(String column : columns) { - hgen.leaf("th").text(column).end(); - } - hgen.end(tr); - - // Load Rows Dynamically - cache.dynamic(hgen, rows); - // End Table - hgen.end(table); - - // Print Message from Row Gathering, if available - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(S state, TRANS trans, Cache cache, HTMLGen hgen) throws APIException, IOException { - String msg; - if((msg = trans.get(EMPTY_TABLE_SLOT, null))!=null) { - hgen.incr("style").text("#inner tr,caption,input,p.preamble {display: none;}#inner p.notfound {margin: 0px 0px 0px 20px}").end(); - hgen.incr(HTMLGen.P,"class=notfound").text(msg).end().br(); - } else if((msg=trans.get(ROW_MSG_SLOT,null))!=null) { - hgen.p(msg).br(); - } - } - }); - } - - public static class Cells { - public static final Cells EMPTY = new Cells(); - private Cells() { - cells = new AbsCell[0][0]; - msg = "No Data Found"; - } - - public Cells(ArrayList arrayCells, String msg) { - cells = new AbsCell[arrayCells.size()][]; - arrayCells.toArray(cells); - this.msg = msg; - } - public AbsCell[][] cells; - public String msg; - } - - public interface Data, TRANS extends Trans> { - public Cells get(S state,TRANS trans); - public String[] headers(); - } - - private class Rows extends DynamicCode { - private Data data; - private int alt; - - public Rows(Data data, int alt) { - this.data = data; - this.alt = alt; - } - - @Override - public void code(S state, TRANS trans, Cache cache, HTMLGen hgen) throws APIException, IOException { - Mark tr = new Mark(); - Mark td = new Mark(); - - int alt = this.alt; - Cells cells = data.get(state, trans); - if(cells.cells.length>0) { - for(AbsCell[] row : cells.cells) { - switch(alt) { - case 1: - alt=2; - case 0: - hgen.incr(tr,TR); - break; - default: - alt=1; - hgen.incr(tr,TR,"class=alt"); - } - for(AbsCell cell :row) { - hgen.leaf(td, TD,cell.attrs()); - cell.write(hgen); - hgen.end(td); - } - hgen.end(tr); - } - // Pass Msg back to Table code, in order to place after Table Complete - if(cells.msg!=null) { - trans.put(ROW_MSG_SLOT,cells.msg); - } - - } else { - trans.put(EMPTY_TABLE_SLOT,cells.msg); - } - } - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/ApiDocs.java b/authz-gui/src/main/java/com/att/authz/gui/pages/ApiDocs.java deleted file mode 100644 index 75ab331b..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/ApiDocs.java +++ /dev/null @@ -1,304 +0,0 @@ -package com.att.authz.gui.pages; - -import java.io.IOException; -import java.net.ConnectException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Comparator; - -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import com.att.authz.gui.Table; -import com.att.authz.gui.Table.Cells; -import com.att.authz.gui.table.AbsCell; -import com.att.authz.gui.table.TextCell; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.Symm; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import com.att.cssa.rserv.HttpMethods; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.TimeTaken; -import com.att.xgen.Cache; -import com.att.xgen.html.HTMLGen; - -import aaf.v2_0.Api; -import aaf.v2_0.Api.Route; - -public class ApiDocs extends Page { - // Package on purpose - private static final String HREF = "/gui/api"; - private static final String NAME = "AAF RESTful API"; - private static final String fields[] = {}; - private static final String ERROR_LINK = "JSON " - + "XML "; - - - public ApiDocs(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env,NAME,HREF, fields, - new BreadCrumbs(breadcrumbs), - new Preamble(), - new Table("AAF API Reference",gui.env.newTransNoAvg(),new Model(), "class=std") - ); - } - - private static class Preamble extends NamedCode { - - private static final String I = "i"; - - public Preamble() { - super(false, "preamble"); - } - - @Override - public void code(Cache cache, HTMLGen xgen) throws APIException, IOException { - xgen.leaf(HTMLGen.H1).text("AAF 2.0 RESTful interface").end() - .hr(); - xgen.leaf(HTMLGen.H2).text("Accessing RESTful").end(); - xgen.incr(HTMLGen.UL) - .leaf(HTMLGen.LI).text("AAF RESTful service is secured by the following:").end() - .incr(HTMLGen.UL) - .leaf(HTMLGen.LI).text("The Client must utilize HTTP/S. Non Secure HTTP is not acceptable").end() - .leaf(HTMLGen.LI).text("The Client MUST supply an Identity validated by one of the following mechanisms").end() - .incr(HTMLGen.UL) - .leaf(HTMLGen.LI).text("(Near Future) Application level Certificate").end() - .end() - .end() - .leaf(HTMLGen.LI).text("Responses").end() - .incr(HTMLGen.UL) - .leaf(HTMLGen.LI).text("Each API Entity listed shows what structure will be accepted by service (ContentType) " - + "or responded with by service (Accept). Therefore, use these in making your call. Critical for PUT/POST.").end() - .leaf(HTMLGen.LI).text("Each API call may respond with JSON or XML. Choose the ContentType/Accept that has " - + "+json after the type for JSON or +xml after the Type for XML").end() - .leaf(HTMLGen.LI).text("XSDs for Versions").end() - .incr(HTMLGen.UL) - .leaf(HTMLGen.LI).leaf(HTMLGen.A,"href=../theme/aaf_2_0.xsd").text("API 2.0").end().end() - .end() - .leaf(HTMLGen.LI).text("AAF can support multiple Versions of the API. Choose the ContentType/Accept that has " - + "the appropriate version=?.?").end() - .leaf(HTMLGen.LI).text("All Errors coming from AAF return AT&T Standard Error Message as a String: " + ERROR_LINK - + " (does not apply to errors from Container)").end() - .end() - .leaf(HTMLGen.LI).text("Character Restrictions").end() - .incr(HTMLGen.UL) - .leaf(HTMLGen.LI).text("Character Restrictions must depend on the Enforcement Point used").end() - .leaf(HTMLGen.LI).text("Most AAF usage will be AAF Enforcement Point Characters for Instance and Action are:") - .br().br().leaf(I).text("a-zA-Z0-9,.()_-=%").end() - .br().br().text("For Instance, you may declare a multi-dimensional key with : (colon) separator, example:").end() - .br().leaf(I).text(":myCluster:myKeyspace").end() - .br().br().text("The * (asterix) may be used as a wild-card by itself or within the multi-dimensional key, example:") - .br().leaf(I).text(":myCluster:*").end() - .br().br().text("The % (percent) character can be used as an Escape Character. Applications can use % followed by 2 hexadecimal " - + "digits to cover odd keys. It is their code, however, which must translate.") - .br().br().text("The = (equals) is allowed so that Applications can pass Base64 encodations of binary keys").end() - .leaf(HTMLGen.LI).text("Ask for a Consultation on how these are typically used, or, if your tool is the only Enforcement Point, if set may be expanded").end() - .end() - .end(); - /* - - The Content is defined in the AAF XSD - TODO Add aaf.xsdâ€�; - Character Restrictions - - URLs impose restrictions on characters which have specific meanings. This means you cannot have these characters in the Field Content you send - “#â€� is a “Fragment URLâ€�, or anchor. Content after this Character is not sent. AAF cannot do anything about this… don’t use it. - “?=&â€�. These are used to delineate Parameters. - “/“ is used to separate fields - */ - } - - }; - /** - * Implement the Table Content for Permissions by User - * - * - */ - private static class Model implements Table.Data { - public static final String[] HEADERS = new String[] {"Entity","Method","Path Info","Description"}; - private static final TextCell BLANK = new TextCell(""); - - @Override - public String[] headers() { - return HEADERS; - } - - @SuppressWarnings("unchecked") - @Override - public Cells get(final AuthGUI gui, final AuthzTrans trans) { - ArrayList ns = new ArrayList(); - ArrayList perms = new ArrayList(); - ArrayList roles = new ArrayList(); - ArrayList user = new ArrayList(); - ArrayList aafOnly = new ArrayList(); - ArrayList rv = new ArrayList(); - - - TimeTaken tt = trans.start("AAF APIs",Env.REMOTE); - try { - gui.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Void code(Rcli client) throws CadiException, ConnectException, APIException { - Future fa = client.read("/api",gui.apiDF); - if(fa.get(5000)) { - tt.done(); - TimeTaken tt2 = trans.start("Load Data", Env.SUB); - try { - if(fa.value!=null)for(Route r : fa.value.getRoute()) { - String path = r.getPath(); - // Build info - StringBuilder desc = new StringBuilder(); - - desc.append("

"); - desc.append(r.getDesc()); - - if(r.getComments().size()>0) { - for(String ct : r.getComments()) { - desc.append("

"); - desc.append(ct); - } - } - - if(r.getParam().size()>0) { - desc.append("

Parameters

"); - - for(String params : r.getParam()) { - String param[] = params.split("\\s*\\|\\s*"); - desc.append("

"); - desc.append(param[0]); - desc.append(" : "); - desc.append(param[1]); - if("true".equalsIgnoreCase(param[2])) { - desc.append(" (Required)"); - } - } - } - - - if(r.getExpected()!=0) { - desc.append("

Expected HTTP Code

"); - desc.append(r.getExpected()); - } - - if(r.getExplicitErr().size()!=0) { - desc.append("

Explicit HTTP Error Codes

"); - boolean first = true; - for(int ee : r.getExplicitErr()) { - if(first) { - first = false; - } else { - desc.append(", "); - } - desc.append(ee); - } - } - - desc.append("

"); - desc.append("GET".equals(r.getMeth())?"Accept:":"ContentType:"); - Collections.sort(r.getContentType()); - if(r.getPath().startsWith("/authn/basicAuth")) { - desc.append("

text/plain"); - } - for(String ct : r.getContentType()) { - if(ct.contains("version=2")) { - desc.append("

"); - desc.append(ct); - desc.append(""); - } - } - desc.append("

"); - - - AbsCell[] sa = new AbsCell[] { - null, - new TextCell(r.getMeth(),"class=right"), - new TextCell(r.getPath()), - new TextCell(desc.toString()), - }; - - if(path.startsWith("/authz/perm")) { - sa[0] = perms.size()==0?new TextCell("PERMISSION"):BLANK; - perms.add(sa); - } else if(path.startsWith("/authz/role") || path.startsWith("/authz/userRole")) { - sa[0] = roles.size()==0?new TextCell("ROLE"):BLANK; - roles.add(sa); - } else if(path.startsWith("/authz/ns")) { - sa[0] = ns.size()==0?new TextCell("NAMESPACE"):BLANK; - ns.add(sa); - } else if(path.startsWith("/authn/basicAuth") - || path.startsWith("/authn/validate") - || path.startsWith("/authz/user")) { - sa[0] = user.size()==0?new TextCell("USER"):BLANK; - user.add(sa); - } else { - sa[0] = aafOnly.size()==0?new TextCell("AAF ONLY"):BLANK; - aafOnly.add(sa); - } - } - //TODO if(trans.fish(p)) - prepare(rv, perms,roles,ns,user); - } finally { - tt2.done(); - } - } else { - gui.writeError(trans, fa, null); - } - return null; - } - }); - } catch (Exception e) { - trans.error().log(e.getMessage()); - } finally { - tt.done(); - } - - return new Cells(rv,null); - } - - @SuppressWarnings("unchecked") - private void prepare(ArrayList rv, ArrayList ... all) { - AbsCell lead; - AbsCell[] row; - for(ArrayList al : all) { - if(al.size()>1) { - row = al.get(0); - lead = row[0]; - row[0]=BLANK; - al.get(0).clone()[0]=BLANK; - Collections.sort(al, new Comparator() { - @Override - public int compare(AbsCell[] ca1, AbsCell[] ca2) { - int meth = ((TextCell)ca1[2]).name.compareTo( - ((TextCell)ca2[2]).name); - if(meth == 0) { - return (HttpMethods.valueOf(((TextCell)ca1[1]).name).compareTo( - HttpMethods.valueOf(((TextCell)ca2[1]).name))); - } else { - return meth; - } - } - }); - // set new first row - al.get(0)[0]=lead; - - rv.addAll(al); - } - } - } - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/ApiExample.java b/authz-gui/src/main/java/com/att/authz/gui/pages/ApiExample.java deleted file mode 100644 index 5e8f81c6..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/ApiExample.java +++ /dev/null @@ -1,122 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; - -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import org.onap.aaf.cadi.Symm; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Data.TYPE; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.TimeTaken; -import com.att.xgen.Cache; -import com.att.xgen.DynamicCode; -import com.att.xgen.Mark; -import com.att.xgen.html.HTMLGen; - -import aaf.v2_0.Error; - -/** - * Detail Page for Permissions - * - * - */ -public class ApiExample extends Page { - public static final String HREF = "/gui/example/:tc"; - public static final String NAME = "APIExample"; - - public ApiExample(final AuthGUI gui, Page ... breadcrumbs) throws APIException, IOException { - super(gui.env, NAME, HREF, 2/*backdots*/, new String[] {"API Code Example"}, - new BreadCrumbs(breadcrumbs), - new Model() - ); - } - - private static class Model extends NamedCode { - private static final String WITH_OPTIONAL_PARAMETERS = "\n\n////////////\n Data with Optional Parameters \n////////////\n\n"; - - public Model() { - super(false); - } - - @Override - public void code(Cache cache, HTMLGen xgen) throws APIException, IOException { - Mark inner = xgen.divID("inner"); - xgen.divID("example","class=std"); - cache.dynamic(xgen, new DynamicCode() { - @Override - public void code(final AuthGUI gui, AuthzTrans trans, Cache cache, HTMLGen xgen) throws APIException, IOException { - TimeTaken tt = trans.start("Code Example",Env.REMOTE); - try { - final String typecode; - int prefix = trans.path().lastIndexOf('/')+1; - String encoded = trans.path().substring(prefix); - typecode = Symm.base64noSplit.decode(encoded); - Future fp = gui.client().read("/api/example/" + encoded, - "application/Void+json" - ); - Future fs2; - if(typecode.contains("Request+")) { - fs2 = gui.client().read("/api/example/" + typecode+"?optional=true", - "application/Void+json" - ); - } else { - fs2=null; - } - - - if(fp.get(5000)) { - xgen.incr(HTMLGen.H1).text("Sample Code").end() - .incr(HTMLGen.H5).text(typecode).end(); - xgen.incr("pre"); - if(typecode.contains("+xml")) { - xgen.xml(fp.body()); - if(fs2!=null && fs2.get(5000)) { - xgen.text(WITH_OPTIONAL_PARAMETERS); - xgen.xml(fs2.body()); - } - } else { - xgen.text(fp.body()); - if(fs2!=null && fs2.get(5000)) { - xgen.text(WITH_OPTIONAL_PARAMETERS); - xgen.text(fs2.body()); - } - } - xgen.end(); - } else { - Error err = gui.errDF.newData().in(TYPE.JSON).load(fp.body()).asObject(); - xgen.incr(HTMLGen.H3) - .textCR(2,"Error from AAF Service") - .end(); - - xgen.p("Error Code: ",err.getMessageId()) - .p(err.getText()) - .end(); - - } - - } catch (APIException e) { - throw e; - } catch (IOException e) { - throw e; - } catch (Exception e) { - throw new APIException(e); - }finally { - tt.done(); - } - } - - }); - xgen.end(inner); - } - } - -} - \ No newline at end of file diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/ApprovalAction.java b/authz-gui/src/main/java/com/att/authz/gui/pages/ApprovalAction.java deleted file mode 100644 index 22230ccc..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/ApprovalAction.java +++ /dev/null @@ -1,108 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; - -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TimeTaken; -import com.att.xgen.Cache; -import com.att.xgen.DynamicCode; -import com.att.xgen.html.HTMLGen; - -import aaf.v2_0.Approval; -import aaf.v2_0.Approvals; - -public class ApprovalAction extends Page { - public ApprovalAction(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env,"Approvals",ApprovalForm.HREF, ApprovalForm.FIELDS, - new BreadCrumbs(breadcrumbs), - new NamedCode(true,"content") { - final Slot sAppr = gui.env.slot(ApprovalForm.NAME+'.'+ApprovalForm.FIELDS[0]); - final Slot sUser = gui.env.slot(ApprovalForm.NAME+'.'+ApprovalForm.FIELDS[1]); - - @Override - public void code(Cache cache, HTMLGen hgen) throws APIException, IOException { - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(final AuthGUI gui, final AuthzTrans trans,Cache cache, HTMLGen hgen) throws APIException, IOException { - boolean fail = true; - String[] appr = trans.get(sAppr,null); - String user = trans.get(sUser,null); - String lastPage = ApprovalForm.HREF; - if (user != null) { - lastPage += "?user="+user; - } - - if(appr==null) { - hgen.p("No Approvals have been selected."); - } else { - Approval app; - final Approvals apps = new Approvals(); - int count = 0; - for(String a : appr) { - if(a!=null) { - int idx = a.indexOf('|'); - if(idx>=0) { - app = new Approval(); - app.setStatus(a.substring(0,idx)); - app.setTicket(a.substring(++idx)); - app.setApprover(trans.getUserPrincipal().getName()); - apps.getApprovals().add(app); - ++count; - } - } - } - if(apps.getApprovals().isEmpty()) { - hgen.p("No Approvals have been sent."); - } else { - TimeTaken tt = trans.start("AAF Update Approvals",Env.REMOTE); - try { - final int total = count; - fail = gui.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Boolean code(Rcli client) throws APIException, CadiException { - boolean fail2 = true; - Future fa = client.update("/authz/approval",gui.approvalsDF,apps); - if(fa.get(AuthGUI.TIMEOUT)) { - // Do Remote Call - fail2 = false; - hgen.p(total + (total==1?" Approval has":" Approvals have") + " been Saved"); - } else { - gui.writeError(trans, fa, hgen); - } - return fail2; - } - }); - } catch (Exception e) { - e.printStackTrace(); - } finally { - tt.done(); - } - } - - hgen.br(); - if(fail) { - hgen.incr("a",true,"href="+lastPage).text("Try again").end(); - } else { - hgen.incr("a",true,"href="+Home.HREF).text("Home").end(); - } - } - } - }); - } - }); - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/ApprovalForm.java b/authz-gui/src/main/java/com/att/authz/gui/pages/ApprovalForm.java deleted file mode 100644 index e6cf0410..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/ApprovalForm.java +++ /dev/null @@ -1,262 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; -import java.net.ConnectException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Comparator; -import java.util.List; -import com.att.authz.env.AuthzEnv; -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.Form; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import com.att.authz.gui.Table; -import com.att.authz.gui.Table.Cells; -import com.att.authz.gui.table.AbsCell; -import com.att.authz.gui.table.ButtonCell; -import com.att.authz.gui.table.RadioCell; -import com.att.authz.gui.table.RefCell; -import com.att.authz.gui.table.TextAndRefCell; -import com.att.authz.gui.table.TextCell; -import com.att.authz.org.Organization; -import com.att.authz.org.Organization.Identity; -import com.att.authz.org.OrganizationFactory; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TimeTaken; -import com.att.xgen.Cache; -import com.att.xgen.DynamicCode; -import com.att.xgen.Mark; -import com.att.xgen.html.HTMLGen; - -import aaf.v2_0.Approval; - -public class ApprovalForm extends Page { - // Package on purpose - static final String NAME="Approvals"; - static final String HREF = "/gui/approve"; - static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id="; - static final String[] FIELDS = new String[] {"line[]","user"}; - - - public ApprovalForm(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env,NAME,HREF, FIELDS, - - new BreadCrumbs(breadcrumbs), - new NamedCode(false, "filterByUser") { - @Override - public void code(Cache cache, HTMLGen hgen) throws APIException, IOException { - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(AuthGUI gui, AuthzTrans trans, Cache cache, HTMLGen hgen) throws APIException, IOException { - String user = trans.get(trans.env().slot(NAME+".user"),""); - hgen.incr("p", "class=userFilter") - .text("Filter by User:") - .tagOnly("input", "type=text", "value="+user, "id=userTextBox") - .tagOnly("input", "type=button", "onclick=userFilter('"+HREF+"');", "value=Go!") - .end(); - } - }); - } - }, - new Form(true,new Table("Approval Requests", gui.env.newTransNoAvg(),new Model(gui.env()),"class=stdform")) - .preamble("The following requires your Approval to proceed in the AAF System.

Hover on Identity for Name; click for WebPhone"), - new NamedCode(false, "selectAlljs") { - @Override - public void code(Cache cache, HTMLGen hgen) throws APIException, IOException { - Mark jsStart = new Mark(); - hgen.js(jsStart); - hgen.text("function selectAll(radioClass) {"); - hgen.text("var radios = document.querySelectorAll(\".\"+radioClass);"); - hgen.text("for (i = 0; i < radios.length; i++) {"); - hgen.text("radios[i].checked = true;"); - hgen.text("}"); - hgen.text("}"); - hgen.end(jsStart); - } - }); - - } - - /** - * Implement the Table Content for Approvals - * - * - */ - private static class Model implements Table.Data { - private static final String[] headers = new String[] {"Identity","Request","Approve","Deny"}; - private static final Object THE_DOMAIN = null; - private Slot sUser; - - public Model(AuthzEnv env) { - sUser = env.slot(NAME+".user"); - } - - @Override - public String[] headers() { - return headers; - } - - @Override - public Cells get(final AuthGUI gui, final AuthzTrans trans) { - final String userParam = trans.get(sUser, null); - ArrayList rv = new ArrayList(); - String msg = null; - TimeTaken tt = trans.start("AAF Get Approvals for Approver",Env.REMOTE); - try { - final List pendingApprovals = new ArrayList(); - final List beginIndicesPerApprover = new ArrayList(); - int numLeft = gui.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Integer code(Rcli client) throws CadiException, ConnectException, APIException { - Future fa = client.read("/authz/approval/approver/"+trans.user(),gui.approvalsDF); - int numLeft = 0; - if(fa.get(AuthGUI.TIMEOUT)) { - - if(fa.value!=null) { - for (Approval appr : fa.value.getApprovals()) { - if (appr.getStatus().equals("pending")) { - if (userParam!=null) { - if (!appr.getUser().equalsIgnoreCase(userParam)) { - numLeft++; - continue; - } - } - pendingApprovals.add(appr); - } - } - } - - String prevApprover = null; - int overallIndex = 0; - - for (Approval appr : pendingApprovals) { - String currApprover = appr.getApprover(); - if (!currApprover.equals(prevApprover)) { - prevApprover = currApprover; - beginIndicesPerApprover.add(overallIndex); - } - overallIndex++; - } - } - return numLeft; - } - }); - - if (pendingApprovals.size() > 0) { - // Only add select all links if we have approvals - AbsCell[] selectAllRow = new AbsCell[] { - AbsCell.Null, - AbsCell.Null, - new ButtonCell("all", "onclick=selectAll('approve')", "class=selectAllButton"), - new ButtonCell("all", "onclick=selectAll('deny')", "class=selectAllButton") - }; - rv.add(selectAllRow); - } - - int line=-1; - - while (beginIndicesPerApprover.size() > 0) { - int beginIndex = beginIndicesPerApprover.remove(0); - int endIndex = (beginIndicesPerApprover.isEmpty()?pendingApprovals.size():beginIndicesPerApprover.get(0)); - List currApproverList = pendingApprovals.subList(beginIndex, endIndex); - - String currApproverFull = currApproverList.get(0).getApprover(); - String currApproverShort = currApproverFull.substring(0,currApproverFull.indexOf('@')); - String currApprover = (trans.user().indexOf('@')<0?currApproverShort:currApproverFull); - if (!currApprover.equals(trans.user())) { - AbsCell[] approverHeader; - if (currApproverFull.substring(currApproverFull.indexOf('@')).equals(THE_DOMAIN)) { - approverHeader = new AbsCell[] { - new TextAndRefCell("Approvals Delegated to Me by ", currApprover, - WEBPHONE + currApproverShort, - new String[] {"colspan=4", "class=head"}) - }; - } else { - approverHeader = new AbsCell[] { - new TextCell("Approvals Delegated to Me by " + currApprover, - new String[] {"colspan=4", "class=head"}) - }; - } - rv.add(approverHeader); - } - - // Sort by User Requesting - Collections.sort(currApproverList, new Comparator() { - @Override - public int compare(Approval a1, Approval a2) { - return a1.getUser().compareTo(a2.getUser()); - } - }); - - String prevUser = null; - for (Approval appr : currApproverList) { - if(++line0) { - msg = "After these, there will be " + numLeft + " approvals left to process"; - } - if(rv.size()==0) { - if (numLeft>0) { - msg = "No Approvals to process at this time for user " + userParam +". You have " - + numLeft + " other approvals to process."; - } else { - msg = "No Approvals to process at this time"; - } - } - } catch (Exception e) { - trans.error().log(e); - } finally { - tt.done(); - } - return new Cells(rv,msg); - } - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/Home.java b/authz-gui/src/main/java/com/att/authz/gui/pages/Home.java deleted file mode 100644 index 3c6abd03..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/Home.java +++ /dev/null @@ -1,59 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import static com.att.xgen.html.HTMLGen.A; -import static com.att.xgen.html.HTMLGen.H3; - -import java.io.IOException; - -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import org.onap.aaf.inno.env.APIException; -import com.att.xgen.Cache; -import com.att.xgen.Mark; -import com.att.xgen.html.HTMLGen; - - -public class Home extends Page { - public static final String HREF = "/gui/home"; - public Home(final AuthGUI gui) throws APIException, IOException { - super(gui.env,"Home",HREF, NO_FIELDS, new NamedCode(false,"content") { - @Override - public void code(final Cache cache, final HTMLGen xgen) throws APIException, IOException { -// // TEMP -// JSGen jsg = xgen.js(); -// jsg.function("httpPost","sURL","sParam") -// .text("var oURL = new java.net.URL(sURL)") -// .text("var oConn = oURL.openConnection();") -// .text("oConn.setDoInput(true);") -// .text("oConn.setDoOutpu(true);") -// .text("oConn.setUseCaches(false);") -// .text("oConn.setRequestProperty(\"Content-Type\",\"application/x-www-form-urlencoded\");") -// .text(text) -// jsg.done(); - // TEMP - final Mark pages = xgen.divID("Pages"); - xgen.leaf(H3).text("Choose from the following:").end() - .leaf(A,"href=myperms").text("My Permissions").end() - .leaf(A,"href=myroles").text("My Roles").end() - // TODO: uncomment when on cassandra 2.1.2 for MyNamespace GUI page - .leaf(A,"href=mynamespaces").text("My Namespaces").end() - .leaf(A,"href=approve").text("My Approvals").end() - .leaf(A, "href=myrequests").text("My Pending Requests").end() - // Enable later -// .leaf(A, "href=onboard").text("Onboarding").end() - // Password Change. If logged in as CSP/GSO, go to their page - .leaf(A,"href=passwd").text("Password Management").end() - .leaf(A,"href=cui").text("Command Prompt").end() - .leaf(A,"href=api").text("AAF API").end() - ; - - xgen.end(pages); - } - }); - } - -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/LoginLanding.java b/authz-gui/src/main/java/com/att/authz/gui/pages/LoginLanding.java deleted file mode 100644 index 6ca16080..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/LoginLanding.java +++ /dev/null @@ -1,97 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; -import java.net.URLDecoder; - -import javax.servlet.http.HttpServletRequest; - -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import org.onap.aaf.cadi.config.Config; -import org.onap.aaf.inno.env.APIException; -import com.att.xgen.Cache; -import com.att.xgen.DynamicCode; -import com.att.xgen.Mark; -import com.att.xgen.html.HTMLGen; - -public class LoginLanding extends Page { - public static final String HREF = "/login"; - static final String NAME = "Login"; - static final String fields[] = {"id","password","environment"}; - static final String envs[] = {"DEV","TEST","PROD"}; - - public LoginLanding(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env, NAME,HREF, fields, new NamedCode(true, "content") { - @Override - public void code(Cache cache, HTMLGen hgen) throws APIException, IOException { - hgen.leaf("p").text("No login credentials are found in your current session. " + - "Choose your preferred login option to continue.").end(); - - Mark loginPaths = hgen.divID("Pages"); - - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(AuthGUI authGUI, AuthzTrans trans, Cache cache, HTMLGen xgen) throws APIException, IOException { - HttpServletRequest req = trans.get(gui.slot_httpServletRequest, null); - if(req!=null) { - String query = req.getQueryString(); - if(query!=null) { - for(String qs : query.split("&")) { - int equals = qs.indexOf('='); - xgen.leaf(HTMLGen.A, "href="+URLDecoder.decode(qs.substring(equals+1),Config.UTF_8)).text(qs.substring(0,equals).replace('_', ' ')).end(); - } - } - } - xgen.leaf(HTMLGen.A, "href=gui/home?Authentication=BasicAuth").text("AAF Basic Auth").end(); - } - }); -// hgen.leaf("a", "href=#","onclick=divVisibility('cso');").text("Global Login").end() -// .incr("p", "id=cso","style=display:none").text("this will redirect to global login").end() -// .leaf("a", "href=#","onclick=divVisibility('tguard');").text("tGuard").end() -// .incr("p", "id=tguard","style=display:none").text("this will redirect to tGuard login").end() -// hgen.leaf("a", "href=#","onclick=divVisibility('basicauth');").text("AAF Basic Auth").end(); - hgen.end(loginPaths); - -// hgen.incr("form","method=post","style=display:none","id=basicauth","gui/home?Authentication=BasicAuth"); -// Mark table = new Mark(TABLE); -// hgen.incr(table); -// cache.dynamic(hgen, new DynamicCode() { -// @Override -// public void code(AuthGUI gui, AuthzTrans trans, Cache cache, HTMLGen hgen) -// throws APIException, IOException { -// hgen -// .input(fields[0],"Username",true) -// .input(fields[1],"Password",true, "type=password"); -// Mark selectRow = new Mark(); -// hgen -// .incr(selectRow, "tr") -// .incr("td") -// .incr("label", "for=envs", "required").text("Environment").end() -// .end() -// .incr("td") -// .incr("select", "name=envs", "id=envs", "required") -// .incr("option", "value=").text("Select Environment").end(); -// for (String env : envs) { -// hgen.incr("option", "value="+env).text(env).end(); -// } -// hgen -// .end(selectRow) - -// hgen.end(); -// } -// }); -// hgen.end(); -// hgen.tagOnly("input", "type=submit", "value=Submit") -// .tagOnly("input", "type=reset", "value=Reset") -// .end(); - - - } - }); - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/LoginLandingAction.java b/authz-gui/src/main/java/com/att/authz/gui/pages/LoginLandingAction.java deleted file mode 100644 index d70aca45..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/LoginLandingAction.java +++ /dev/null @@ -1,47 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; - -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Slot; -import com.att.xgen.Cache; -import com.att.xgen.DynamicCode; -import com.att.xgen.html.HTMLGen; - -public class LoginLandingAction extends Page { - public LoginLandingAction(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env,"Login",LoginLanding.HREF, LoginLanding.fields, - new BreadCrumbs(breadcrumbs), - new NamedCode(true,"content") { - final Slot sID = gui.env.slot(LoginLanding.NAME+'.'+LoginLanding.fields[0]); -// final Slot sPassword = gui.env.slot(LoginLanding.NAME+'.'+LoginLanding.fields[1]); - - @Override - public void code(Cache cache, HTMLGen hgen) throws APIException, IOException { - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(final AuthGUI gui, final AuthzTrans trans,Cache cache, HTMLGen hgen) throws APIException, IOException { - String username = trans.get(sID,null); -// String password = trans.get(sPassword,null); - - hgen.p("User: "+username); - hgen.p("Pass: ********"); - - // TODO: clarification from JG - // put in request header? - // then pass through authn/basicAuth call? - - } - }); - } - }); - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/NsDetail.java b/authz-gui/src/main/java/com/att/authz/gui/pages/NsDetail.java deleted file mode 100644 index 75ff137d..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/NsDetail.java +++ /dev/null @@ -1,223 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; -import java.net.ConnectException; -import java.util.ArrayList; -import java.util.List; - -import com.att.authz.env.AuthzEnv; -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.Page; -import com.att.authz.gui.Table; -import com.att.authz.gui.Table.Cells; -import com.att.authz.gui.table.AbsCell; -import com.att.authz.gui.table.RefCell; -import com.att.authz.gui.table.TextCell; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import com.att.cmd.AAFcli; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TimeTaken; -import org.onap.aaf.inno.env.util.Chrono; - -import aaf.v2_0.Nss; -import aaf.v2_0.Nss.Ns; -import aaf.v2_0.Perm; -import aaf.v2_0.Perms; -import aaf.v2_0.Role; -import aaf.v2_0.Roles; -import aaf.v2_0.Users; -import aaf.v2_0.Users.User; - -public class NsDetail extends Page { - - public static final String HREF = "/gui/nsdetail"; - public static final String NAME = "NsDetail"; - static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id="; - public static enum NS_FIELD { OWNERS, ADMINS, ROLES, PERMISSIONS, CREDS}; - private static final String BLANK = ""; - - public NsDetail(final AuthGUI gui, Page ... breadcrumbs) throws APIException, IOException { - super(gui.env, NAME, HREF, new String[] {"name"}, - new BreadCrumbs(breadcrumbs), - new Table("Namespace Details",gui.env.newTransNoAvg(),new Model(gui.env()),"class=detail") - ); - } - - /** - * Implement the table content for Namespace Detail - * - * - */ - private static class Model implements Table.Data { - private static final String[] headers = new String[0]; - private static final String CSP_ATT_COM = "@csp.att.com"; - private Slot name; - public Model(AuthzEnv env) { - name = env.slot(NAME+".name"); - } - - @Override - public String[] headers() { - return headers; - } - - @Override - public Cells get(final AuthGUI gui, final AuthzTrans trans) { - final String nsName = trans.get(name, null); - if(nsName==null) { - return Cells.EMPTY; - } - ArrayList rv = new ArrayList(); - rv.add(new AbsCell[]{new TextCell("Name:"),new TextCell(nsName)}); - - final TimeTaken tt = trans.start("AAF Namespace Details",Env.REMOTE); - try { - gui.clientAsUser(trans.getUserPrincipal(),new Retryable() { - @Override - public Void code(Rcli client) throws CadiException, ConnectException, APIException { - Future fn = client.read("/authz/nss/"+nsName,gui.nssDF); - - if(fn.get(AuthGUI.TIMEOUT)) { - tt.done(); - try { -// TimeTaken tt = trans.start("Load Data", Env.SUB); - - for(Ns n : fn.value.getNs()) { - String desc = (n.getDescription()!=null?n.getDescription():BLANK); - rv.add(new AbsCell[]{new TextCell("Description:"),new TextCell(desc)}); - - addField(trans, rv, n.getAdmin(), NS_FIELD.ADMINS); - addField(trans, rv, n.getResponsible(), NS_FIELD.OWNERS); - - Future fu = client.read( - "/authn/creds/ns/"+nsName, - gui.usersDF - ); - List creds = new ArrayList(); - if(fu.get(AAFcli.timeout())) { - for (User u : fu.value.getUser()) { - StringBuilder sb = new StringBuilder(u.getId()); - switch(u.getType()) { - case 1: sb.append(" (U/Pass) "); break; - case 10: sb.append(" (Cert) "); break; - case 200: sb.append(" (x509) "); break; - default: - sb.append(" "); - } - sb.append(Chrono.niceDateStamp(u.getExpires())); - creds.add(sb.toString()); - } - } - addField(trans, rv, creds, NS_FIELD.CREDS); - - Future fr = client.read( - "/authz/roles/ns/"+nsName, - gui.rolesDF - ); - List roles = new ArrayList(); - if(fr.get(AAFcli.timeout())) { - for (Role r : fr.value.getRole()) { - roles.add(r.getName()); - } - } - addField(trans, rv, roles, NS_FIELD.ROLES); - - - Future fp = client.read( - "/authz/perms/ns/"+nsName, - gui.permsDF - ); - List perms = new ArrayList(); - - if(fp.get(AAFcli.timeout())) { - for (Perm p : fp.value.getPerm()) { - perms.add(p.getType() + "|" + p.getInstance() + "|" + p.getAction()); - } - } - addField(trans, rv, perms, NS_FIELD.PERMISSIONS); - } - String historyLink = NsHistory.HREF - + "?name=" + nsName; - rv.add(new AbsCell[] {new RefCell("See History",historyLink)}); - } finally { - tt.done(); - } - } else { - rv.add(new AbsCell[] {new TextCell("*** Data Unavailable ***")}); - } - return null; - } - }); - } catch (Exception e) { - e.printStackTrace(); - } finally { - tt.done(); - } - return new Cells(rv,null); - } - - private void addField(AuthzTrans trans, ArrayList rv, List values, NS_FIELD field) { - if (!values.isEmpty()) { - switch(field) { - case OWNERS: - case ADMINS: - case CREDS: - for (int i=0; i< values.size(); i++) { - AbsCell label = (i==0?new TextCell(sentenceCase(field)+":"):AbsCell.Null); - String user = values.get(i); - AbsCell userCell = (user.endsWith(CSP_ATT_COM)? - new RefCell(user,WEBPHONE + user.substring(0,user.indexOf('@'))):new TextCell(user)); - rv.add(new AbsCell[] { - label, - userCell - }); - } - break; - case ROLES: - for (int i=0; i< values.size(); i++) { - AbsCell label = (i==0?new TextCell(sentenceCase(field)+":"):AbsCell.Null); - rv.add(new AbsCell[] { - label, - new TextCell(values.get(i)) - }); - } - break; - case PERMISSIONS: - for (int i=0; i< values.size(); i++) { - AbsCell label = (i==0?new TextCell(sentenceCase(field)+":"):AbsCell.Null); - String perm = values.get(i); - String[] fields = perm.split("\\|"); - String grantLink = PermGrantForm.HREF - + "?type=" + fields[0].trim() - + "&instance=" + fields[1].trim() - + "&action=" + fields[2].trim(); - - rv.add(new AbsCell[] { - label, - new TextCell(perm), - new RefCell("Grant This Perm", grantLink) - }); - } - break; - } - - } - } - - private String sentenceCase(NS_FIELD field) { - String sField = field.toString(); - return sField.substring(0, 1).toUpperCase() + sField.substring(1).toLowerCase(); - } - - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/NsHistory.java b/authz-gui/src/main/java/com/att/authz/gui/pages/NsHistory.java deleted file mode 100644 index 653b9e7a..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/NsHistory.java +++ /dev/null @@ -1,210 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; -import java.net.ConnectException; -import java.util.ArrayList; -import java.util.Calendar; -import java.util.Comparator; -import java.util.List; - -import com.att.authz.env.AuthzEnv; -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import com.att.authz.gui.Table; -import com.att.authz.gui.Table.Cells; -import com.att.authz.gui.table.AbsCell; -import com.att.authz.gui.table.RefCell; -import com.att.authz.gui.table.TextCell; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TimeTaken; -import com.att.xgen.Cache; -import com.att.xgen.DynamicCode; -import com.att.xgen.html.HTMLGen; - -import aaf.v2_0.History; -import aaf.v2_0.History.Item; - -public class NsHistory extends Page { - static final String NAME="NsHistory"; - static final String HREF = "/gui/nsHistory"; - static final String FIELDS[] = {"name","dates"}; - static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id="; - static enum Month { JANUARY, FEBRUARY, MARCH, APRIL, MAY, JUNE, JULY, - AUGUST, SEPTEMBER, OCTOBER, NOVEMBER, DECEMBER }; - - public NsHistory(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env,NAME,HREF, FIELDS, - new BreadCrumbs(breadcrumbs), - new Table("History", gui.env.newTransNoAvg(),new Model(gui.env()),"class=std"), - new NamedCode(true, "content") { - @Override - public void code(final Cache cache, final HTMLGen hgen) throws APIException, IOException { - final Slot name = gui.env.slot(NAME+".name"); - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(AuthGUI gui, AuthzTrans trans, Cache cache, HTMLGen hgen) throws APIException, IOException { - String obName = trans.get(name, null); - - // Use Javascript to make the table title more descriptive - hgen.js() - .text("var caption = document.querySelector(\".title\");") - .text("caption.innerHTML='History for Namespace [ " + obName + " ]';") - .done(); - - // Use Javascript to change Link Target to our last visited Detail page - String lastPage = NsDetail.HREF + "?name=" + obName; - hgen.js() - .text("alterLink('nsdetail', '"+lastPage + "');") - .done(); - - hgen.br(); - hgen.leaf("a","href=#advanced_search","onclick=divVisibility('advanced_search');").text("Advanced Search").end() - .divID("advanced_search", "style=display:none"); - hgen.incr("table"); - - addDateRow(hgen,"Start Date"); - addDateRow(hgen,"End Date"); - hgen.incr("tr").incr("td"); - hgen.tagOnly("input", "type=button","value=Get History", - "onclick=datesURL('"+HREF+"?name=" + obName+"');"); - hgen.end().end(); - hgen.end(); - hgen.end(); - - } - }); - } - } - - ); - } - - private static void addDateRow(HTMLGen hgen, String s) { - hgen - .incr("tr") - .incr("td") - .incr("label", "for=month", "required").text(s+"*").end() - .end() - .incr("td") - .incr("select", "name=month"+s.substring(0, s.indexOf(' ')), "id=month"+s.substring(0, s.indexOf(' ')), "required") - .incr("option", "value=").text("Month").end(); - for (Month m : Month.values()) { - if (Calendar.getInstance().get(Calendar.MONTH) == m.ordinal()) { - hgen.incr("option", "selected", "value="+(m.ordinal()+1)).text(m.name()).end(); - } else { - hgen.incr("option", "value="+(m.ordinal()+1)).text(m.name()).end(); - } - } - hgen.end() - .end() - .incr("td") - .tagOnly("input","type=number","id=year"+s.substring(0, s.indexOf(' ')),"required", - "value="+Calendar.getInstance().get(Calendar.YEAR), "min=1900", - "max="+Calendar.getInstance().get(Calendar.YEAR), - "placeholder=Year").end() - .end(); - } - - - - - /** - * Implement the Table Content for History - * - * - */ - private static class Model implements Table.Data { - private static final String CSP_ATT_COM = "@csp.att.com"; - private static final String[] headers = new String[] {"Date","User","Memo"}; - private Slot name; - private Slot dates; - - public Model(AuthzEnv env) { - name = env.slot(NAME+".name"); - dates = env.slot(NAME+".dates"); - } - - @Override - public String[] headers() { - return headers; - } - - @Override - public Cells get(final AuthGUI gui, final AuthzTrans trans) { - final String oName = trans.get(name,null); - final String oDates = trans.get(dates,null); - - if(oName==null) { - return Cells.EMPTY; - } - - ArrayList rv = new ArrayList(); - String msg = null; - final TimeTaken tt = trans.start("AAF Get History for Namespace ["+oName+"]",Env.REMOTE); - try { - gui.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Void code(Rcli client) throws CadiException, ConnectException, APIException { - if (oDates != null) { - client.setQueryParams("yyyymm="+oDates); - } - Future fh = client.read("/authz/hist/ns/"+oName,gui.historyDF); - if (fh.get(AuthGUI.TIMEOUT)) { - tt.done(); - TimeTaken tt2 = trans.start("Load History Data", Env.SUB); - try { - List histItems = fh.value.getItem(); - - java.util.Collections.sort(histItems, new Comparator() { - @Override - public int compare(Item o1, Item o2) { - return o2.getTimestamp().compare(o1.getTimestamp()); - } - }); - - for (Item i : histItems) { - String user = i.getUser(); - AbsCell userCell = (user.endsWith(CSP_ATT_COM)? - new RefCell(user,WEBPHONE + user.substring(0,user.indexOf('@'))):new TextCell(user)); - - rv.add(new AbsCell[] { - new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()), - userCell, - new TextCell(i.getMemo()) - }); - } - } finally { - tt2.done(); - } - } else { - if (fh.code()==403) { - rv.add(new AbsCell[] {new TextCell("You may not view History of Namespace [" + oName + "]", "colspan = 3", "class=center")}); - } else { - rv.add(new AbsCell[] {new TextCell("*** Data Unavailable ***", "colspan = 3", "class=center")}); - } - } - return null; - } - }); - } catch (Exception e) { - trans.error().log(e); - } finally { - tt.done(); - } - return new Cells(rv,msg); - } - } - -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/NsInfoAction.java b/authz-gui/src/main/java/com/att/authz/gui/pages/NsInfoAction.java deleted file mode 100644 index 19a90c3e..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/NsInfoAction.java +++ /dev/null @@ -1,140 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; -import java.net.ConnectException; -import java.text.ParseException; - -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TimeTaken; -import org.onap.aaf.inno.env.util.Chrono; -import com.att.xgen.Cache; -import com.att.xgen.DynamicCode; -import com.att.xgen.html.HTMLGen; - -import aaf.v2_0.CredRequest; - -public class NsInfoAction extends Page { - public NsInfoAction(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env,"Onboard",PassChangeForm.HREF, PassChangeForm.fields, - new BreadCrumbs(breadcrumbs), - new NamedCode(true,"content") { - final Slot sID = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[0]); - final Slot sCurrPass = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[1]); - final Slot sPassword = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[2]); - final Slot sPassword2 = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[3]); - final Slot startDate = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[4]); - - @Override - public void code(Cache cache, HTMLGen hgen) throws APIException, IOException { - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(final AuthGUI gui, final AuthzTrans trans,Cache cache, HTMLGen hgen) throws APIException, IOException { - String id = trans.get(sID,null); - String currPass = trans.get(sCurrPass,null); - String password = trans.get(sPassword,null); - String password2 = trans.get(sPassword2,null); - - // Run Validations - boolean fail = true; - - if (id==null || id.indexOf('@')<=0) { - hgen.p("Data Entry Failure: Please enter a valid ID, including domain."); - } else if(password == null || password2 == null || currPass == null) { - hgen.p("Data Entry Failure: Both Password Fields need entries."); - } else if(!password.equals(password2)) { - hgen.p("Data Entry Failure: Passwords do not match."); - } else { // everything else is checked by Server - final CredRequest cred = new CredRequest(); - cred.setId(id); - cred.setPassword(currPass); - try { - fail = gui.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Boolean code(Rcli client)throws CadiException, ConnectException, APIException { - TimeTaken tt = trans.start("Check Current Password",Env.REMOTE); - try { - Future fcr = client.create( // Note: Need "Post", because of hiding password in SSL Data - "/authn/validate", - gui.credReqDF, - cred - ); - boolean go; - boolean fail = true; - fcr.get(5000); - if(fcr.code() == 200) { - hgen.p("Current Password validated"); - go = true; - } else { - hgen.p(String.format("Invalid Current Password: %d %s",fcr.code(),fcr.body())); - go = false; - } - if(go) { - tt.done(); - tt = trans.start("AAF Change Password",Env.REMOTE); - try { - // Change over Cred to reset mode - cred.setPassword(password); - String start = trans.get(startDate, null); - if(start!=null) { - try { - cred.setStart(Chrono.timeStamp(Chrono.dateOnlyFmt.parse(start))); - } catch (ParseException e) { - throw new CadiException(e); - } - } - - fcr = client.create( - "/authn/cred", - gui.credReqDF, - cred - ); - - if(fcr.get(5000)) { - // Do Remote Call - hgen.p("New Password has been added."); - fail = false; - } else { - gui.writeError(trans, fcr, hgen); - } - } finally { - tt.done(); - } - } - return fail; - } finally { - tt.done(); - } - } - }); - - } catch (Exception e) { - hgen.p("Unknown Error"); - e.printStackTrace(); - } - } - hgen.br(); - if(fail) { - hgen.incr("a",true,"href="+PassChangeForm.HREF+"?id="+id).text("Try again").end(); - } else { - hgen.incr("a",true,"href="+Home.HREF).text("Home").end(); - } - } - }); - } - }); - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/NsInfoForm.java b/authz-gui/src/main/java/com/att/authz/gui/pages/NsInfoForm.java deleted file mode 100644 index 5cb8ff2c..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/NsInfoForm.java +++ /dev/null @@ -1,144 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import static com.att.xgen.html.HTMLGen.A; -import static com.att.xgen.html.HTMLGen.TABLE; - -import java.io.IOException; -import java.net.ConnectException; -import java.util.List; - -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TimeTaken; -import com.att.xgen.Cache; -import com.att.xgen.DynamicCode; -import com.att.xgen.Mark; -import com.att.xgen.html.HTMLGen; - -import aaf.v2_0.Nss; -import aaf.v2_0.Nss.Ns; -import aaf.v2_0.Nss.Ns.Attrib; - -public class NsInfoForm extends Page { - // Package on purpose - static final String HREF = "/gui/onboard"; - static final String NAME = "Onboarding"; - static final String fields[] = {"ns","description","mots","owners","admins"}; - - public NsInfoForm(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env,NAME,HREF, fields, - new BreadCrumbs(breadcrumbs), - new NamedCode(true,"content") { - - private final Slot sID = gui.env.slot(NsInfoForm.NAME+'.'+NsInfoForm.fields[0]); - @Override - public void code(final Cache cache, final HTMLGen hgen) throws APIException, IOException { - // p tags not closing right using .p() - causes issues in IE8 password form - so using leaf for the moment - hgen.leaf(HTMLGen.H2).text("Namespace Info").end() - .leaf("p").text("Hover over Fields for Tool Tips, or click ") - .leaf(A,"href="+gui.env.getProperty("aaf_url.gui_onboard","")).text("Here").end() - .text(" for more information") - .end() - .incr("form","method=post"); - Mark table = new Mark(TABLE); - hgen.incr(table); - cache.dynamic(hgen, new DynamicCode() { - @SuppressWarnings("unchecked") - @Override - public void code(final AuthGUI gui, AuthzTrans trans, Cache cache, HTMLGen hgen) throws APIException, IOException { - final String incomingID= trans.get(sID, ""); - final String[] info = new String[fields.length]; - final Object own_adm[] = new Object[2]; - for(int i=0;i0) { - TimeTaken tt = trans.start("AAF Namespace Info",Env.REMOTE); - try { - gui.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Void code(Rcli client) throws CadiException, ConnectException, APIException { - Future fn = client.read("/authz/nss/"+incomingID,gui.nssDF); - if(fn.get(AuthGUI.TIMEOUT)) { - for(Ns ns : fn.value.getNs()) { - info[0]=ns.getName(); - info[1]=ns.getDescription(); - for(Attrib attr: ns.getAttrib()) { - switch(attr.getKey()) { - case "mots": - info[2]=attr.getValue(); - default: - } - } - own_adm[0]=ns.getResponsible(); - own_adm[1]=ns.getAdmin(); - } - } else { - trans.error().log(fn.body()); - } - return null; - } - }); - } catch (Exception e) { - trans.error().log("Unable to access AAF for NS Info",incomingID); - e.printStackTrace(); - } finally { - tt.done(); - } - } - hgen.input(fields[0],"Namespace",false,"value="+info[0],"title=AAF Namespace") - .input(fields[1],"Description*",true,"value="+info[1],"title=Full Application Name, Tool Name or Group") - .input(fields[2],"MOTS ID",false,"value="+info[2],"title=MOTS ID if this is an Application, and has MOTS"); - Mark endTD = new Mark(),endTR=new Mark(); - // Owners - hgen.incr(endTR,HTMLGen.TR) - .incr(endTD,HTMLGen.TD) - .leaf("label","for="+fields[3]).text("Responsible Party") - .end(endTD) - .incr(endTD,HTMLGen.TD) - .tagOnly("input","id="+fields[3],"title=Owner of App, must be an Non-Bargained Employee"); - if(own_adm[0]!=null) { - for(String s : (List)own_adm[0]) { - hgen.incr("label",true).text(s).end(); - } - } - hgen.end(endTR); - - // Admins - hgen.incr(endTR,HTMLGen.TR) - .incr(endTD,HTMLGen.TD) - .leaf("label","for="+fields[4]).text("Administrators") - .end(endTD) - .incr(endTD,HTMLGen.TD) - .tagOnly("input","id="+fields[4],"title=Admins may be employees, contractors or mechIDs"); - if(own_adm[1]!=null) { - for(String s : (List)own_adm[1]) { - hgen.incr(HTMLGen.P,true).text(s).end(); - } - } - hgen.end(endTR) - .end(); - } - }); - hgen.end(); - hgen.tagOnly("input", "type=submit", "value=Submit") - .end(); - - } - }); - } - -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/NssShow.java b/authz-gui/src/main/java/com/att/authz/gui/pages/NssShow.java deleted file mode 100644 index 3ca12d9f..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/NssShow.java +++ /dev/null @@ -1,123 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; -import java.net.ConnectException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Comparator; -import java.util.List; - -import com.att.authz.env.AuthzEnv; -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.Page; -import com.att.authz.gui.Table; -import com.att.authz.gui.Table.Cells; -import com.att.authz.gui.table.AbsCell; -import com.att.authz.gui.table.RefCell; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TimeTaken; - -import aaf.v2_0.Nss; -import aaf.v2_0.Nss.Ns; - -public class NssShow extends Page { - public static final String HREF = "/gui/mynamespaces"; - - public NssShow(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env, "MyNamespaces",HREF, NO_FIELDS, - new BreadCrumbs(breadcrumbs), - new Table("Namespaces I administer",gui.env.newTransNoAvg(),new Model("admin",gui.env), - "class=std", "style=display: inline-block; width: 45%; margin: 10px;"), - new Table("Namespaces I own",gui.env.newTransNoAvg(),new Model("responsible",gui.env), - "class=std", "style=display: inline-block; width: 45%; margin: 10px;")); - } - - private static class Model implements Table.Data { - private String[] headers; - private String privilege = null; - public final Slot sNssByUser; - private boolean isAdmin; - - public Model(String privilege,AuthzEnv env) { - super(); - headers = new String[] {privilege}; - this.privilege = privilege; - isAdmin = "admin".equals(privilege); - sNssByUser = env.slot("NSS_SHOW_MODEL_DATA"); - } - - @Override - public String[] headers() { - return headers; - } - - @Override - public Cells get(final AuthGUI gui, final AuthzTrans trans) { - ArrayList rv = new ArrayList(); - List nss = trans.get(sNssByUser, null); - if(nss==null) { - TimeTaken tt = trans.start("AAF Nss by User for " + privilege,Env.REMOTE); - try { - nss = gui.clientAsUser(trans.getUserPrincipal(), new Retryable>() { - @Override - public List code(Rcli client) throws CadiException, ConnectException, APIException { - List nss = null; - Future fp = client.read("/authz/nss/either/" + trans.user(),gui.nssDF); - if(fp.get(AuthGUI.TIMEOUT)) { - TimeTaken tt = trans.start("Load Data for " + privilege, Env.SUB); - try { - if(fp.value!=null) { - nss = fp.value.getNs(); - Collections.sort(nss, new Comparator() { - public int compare(Ns ns1, Ns ns2) { - return ns1.getName().compareToIgnoreCase(ns2.getName()); - } - }); - trans.put(sNssByUser,nss); - } - } finally { - tt.done(); - } - }else { - gui.writeError(trans, fp, null); - } - return nss; - } - }); - } catch (Exception e) { - trans.error().log(e); - } finally { - tt.done(); - } - } - - if(nss!=null) { - for(Ns n : nss) { - if((isAdmin && !n.getAdmin().isEmpty()) - || (!isAdmin && !n.getResponsible().isEmpty())) { - AbsCell[] sa = new AbsCell[] { - new RefCell(n.getName(),NsDetail.HREF - +"?name="+n.getName()), - }; - rv.add(sa); - } - } - } - - return new Cells(rv,null); - } - } - - -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/PassChangeAction.java b/authz-gui/src/main/java/com/att/authz/gui/pages/PassChangeAction.java deleted file mode 100644 index 1c575151..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/PassChangeAction.java +++ /dev/null @@ -1,138 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; -import java.net.ConnectException; -import java.text.ParseException; - -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TimeTaken; -import org.onap.aaf.inno.env.util.Chrono; -import com.att.xgen.Cache; -import com.att.xgen.DynamicCode; -import com.att.xgen.html.HTMLGen; - -import aaf.v2_0.CredRequest; - -public class PassChangeAction extends Page { - public PassChangeAction(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env,"PassChange",PassChangeForm.HREF, PassChangeForm.fields, - new BreadCrumbs(breadcrumbs), - new NamedCode(true,"content") { - final Slot sID = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[0]); - final Slot sCurrPass = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[1]); - final Slot sPassword = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[2]); - final Slot sPassword2 = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[3]); - final Slot startDate = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[4]); - - @Override - public void code(Cache cache, HTMLGen hgen) throws APIException, IOException { - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(final AuthGUI gui, final AuthzTrans trans,Cache cache, HTMLGen hgen) throws APIException, IOException { - String id = trans.get(sID,null); - String currPass = trans.get(sCurrPass,null); - String password = trans.get(sPassword,null); - String password2 = trans.get(sPassword2,null); - - // Run Validations - boolean fail = true; - - if (id==null || id.indexOf('@')<=0) { - hgen.p("Data Entry Failure: Please enter a valid ID, including domain."); - } else if(password == null || password2 == null || currPass == null) { - hgen.p("Data Entry Failure: Both Password Fields need entries."); - } else if(!password.equals(password2)) { - hgen.p("Data Entry Failure: Passwords do not match."); - } else { // everything else is checked by Server - final CredRequest cred = new CredRequest(); - cred.setId(id); - cred.setPassword(currPass); - try { - fail = gui.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Boolean code(Rcli client)throws CadiException, ConnectException, APIException { - boolean fail = true; - boolean go = false; - TimeTaken tt = trans.start("Check Current Password",Env.REMOTE); - try { - Future fcr = client.create( // Note: Need "Post", because of hiding password in SSL Data - "/authn/validate",gui.credReqDF,cred); - - fcr.get(5000); - if(fcr.code() == 200) { - hgen.p("Current Password validated"); - go = true; - } else { - hgen.p(String.format("Invalid Current Password: %d %s",fcr.code(),fcr.body())); - go = false; - } - } finally { - tt.done(); - } - if(go) { - tt = trans.start("AAF Change Password",Env.REMOTE); - try { - // Change over Cred to reset mode - cred.setPassword(password); - String start = trans.get(startDate, null); - if(start!=null) { - try { - cred.setStart(Chrono.timeStamp(Chrono.dateOnlyFmt.parse(start))); - } catch (ParseException e) { - throw new CadiException(e); - } - } - - Future fcr = client.create( - "/authn/cred", - gui.credReqDF, - cred - ); - - if(fcr.get(5000)) { - // Do Remote Call - hgen.p("New Password has been added."); - fail = false; - } else { - gui.writeError(trans, fcr, hgen); - } - } finally { - tt.done(); - } - } - return fail; - } - - }); - } catch (Exception e) { - hgen.p("Unknown Error"); - e.printStackTrace(); - } - - } - hgen.br(); - if(fail) { - hgen.incr("a",true,"href="+PassChangeForm.HREF+"?id="+id).text("Try again").end(); - } else { - hgen.incr("a",true,"href="+Home.HREF).text("Home").end(); - } - } - }); - } - }); - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/PassChangeForm.java b/authz-gui/src/main/java/com/att/authz/gui/pages/PassChangeForm.java deleted file mode 100644 index 440c0db1..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/PassChangeForm.java +++ /dev/null @@ -1,68 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import static com.att.xgen.html.HTMLGen.TABLE; - -import java.io.IOException; - -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Slot; -import com.att.xgen.Cache; -import com.att.xgen.DynamicCode; -import com.att.xgen.Mark; -import com.att.xgen.html.HTMLGen; - -public class PassChangeForm extends Page { - // Package on purpose - static final String HREF = "/gui/passwd"; - static final String NAME = "PassChange"; - static final String fields[] = {"id","current","password","password2","startDate"}; - - public PassChangeForm(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env,NAME,HREF, fields, - new BreadCrumbs(breadcrumbs), - new NamedCode(true,"content") { - private final Slot sID = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[0]); - @Override - public void code(final Cache cache, final HTMLGen hgen) throws APIException, IOException { - // p tags not closing right using .p() - causes issues in IE8 password form - so using leaf for the moment - hgen.leaf("p").text("You are requesting a new Mechanical Password in the AAF System. " + - "So that you can perform clean migrations, you will be able to use both this " + - "new password and the old one until their respective expiration dates.").end() - .leaf("p").text("Note: You must be a Namespace Admin where the MechID resides.").end() - .incr("form","method=post"); - Mark table = new Mark(TABLE); - hgen.incr(table); - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(AuthGUI gui, AuthzTrans trans, Cache cache, HTMLGen hgen) throws APIException, IOException { -// GregorianCalendar gc = new GregorianCalendar(); -// System.out.println(gc.toString()); - String incomingID= trans.get(sID, ""); - hgen - .input(fields[0],"ID*",true,"value="+incomingID) - .input(fields[1],"Current Password*",true,"type=password") - .input(fields[2],"New Password*",true, "type=password") - .input(fields[3], "Reenter New Password*",true, "type=password") -// .input(fields[3],"Start Date",false,"type=date", "value="+ -// Chrono.dateOnlyFmt.format(new Date(System.currentTimeMillis())) -// ) - .end(); - } - }); - hgen.end(); - hgen.tagOnly("input", "type=submit", "value=Submit") - .end(); - - } - }); - } - -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/PendingRequestsShow.java b/authz-gui/src/main/java/com/att/authz/gui/pages/PendingRequestsShow.java deleted file mode 100644 index 8bdb3295..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/PendingRequestsShow.java +++ /dev/null @@ -1,174 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; -import java.net.ConnectException; -import java.text.DateFormat; -import java.text.SimpleDateFormat; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Comparator; -import java.util.List; -import java.util.UUID; - -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import com.att.authz.gui.Table; -import com.att.authz.gui.Table.Cells; -import com.att.authz.gui.table.AbsCell; -import com.att.authz.gui.table.RefCell; -import com.att.authz.gui.table.TextCell; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.TimeTaken; -import com.att.xgen.Cache; -import com.att.xgen.DynamicCode; -import com.att.xgen.html.HTMLGen; - -import aaf.v2_0.Approval; -import aaf.v2_0.Approvals; - -public class PendingRequestsShow extends Page { - public static final String HREF = "/gui/myrequests"; - public static final String NAME = "MyRequests"; - static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id="; - private static final String DATE_TIME_FORMAT = "yyyy-MM-dd"; - - public PendingRequestsShow(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env, NAME,HREF, NO_FIELDS, - new BreadCrumbs(breadcrumbs), - new NamedCode(true,"expedite") { - @Override - public void code(final Cache cache, final HTMLGen hgen) throws APIException, IOException { - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(AuthGUI gui, AuthzTrans trans, Cache cache, HTMLGen hgen) throws APIException, IOException { - hgen - .leaf("p", "class=expedite_request").text("These are your submitted Requests that are awaiting Approval. ") - .br() - .text("To Expedite a Request: ") - .leaf("a","href=#expedite_directions","onclick=divVisibility('expedite_directions');") - .text("Click Here").end() - .divID("expedite_directions", "style=display:none"); - hgen - .incr(HTMLGen.OL) - .incr(HTMLGen.LI) - .leaf("a","href="+ApprovalForm.HREF+"?user="+trans.user(), "id=userApprove") - .text("Copy This Link") - .end() - .end() - .incr(HTMLGen.LI) - .text("Send it to the Approver Listed") - .end() - .end() - .text("NOTE: Using this link, the Approver will only see your requests. You only need to send this link once!") - .end() - .end(); - } - }); - } - }, - new Table("Pending Requests",gui.env.newTransNoAvg(),new Model(), "class=std") - ); - - - } - - /** - * Implement the Table Content for Requests by User - * - * - */ - private static class Model implements Table.Data { - private static final String CSP_ATT_COM = "@csp.att.com"; - final long NUM_100NS_INTERVALS_SINCE_UUID_EPOCH = 0x01b21dd213814000L; - private static final String[] headers = new String[] {"Request Date","Status","Memo","Approver"}; - - @Override - public String[] headers() { - return headers; - } - - @Override - public Cells get(final AuthGUI gui, final AuthzTrans trans) { - DateFormat createdDF = new SimpleDateFormat(DATE_TIME_FORMAT); - ArrayList rv = new ArrayList(); - try { - gui.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Void code(Rcli client)throws CadiException, ConnectException, APIException { - TimeTaken tt = trans.start("AAF Get Approvals by User",Env.REMOTE); - try { - Future fa = client.read("/authz/approval/user/"+trans.user(),gui.approvalsDF); - if(fa.get(5000)) { - tt.done(); - tt = trans.start("Load Data", Env.SUB); - if(fa.value!=null) { - List approvals = fa.value.getApprovals(); - Collections.sort(approvals, new Comparator() { - @Override - public int compare(Approval a1, Approval a2) { - UUID id1 = UUID.fromString(a1.getId()); - UUID id2 = UUID.fromString(a2.getId()); - return id1.timestamp()<=id2.timestamp()?1:-1; - } - }); - - String prevTicket = null; - for(Approval a : approvals) { - String approver = a.getApprover(); - String approverShort = approver.substring(0,approver.indexOf('@')); - - AbsCell tsCell = null; - String ticket = a.getTicket(); - if (ticket.equals(prevTicket)) { - tsCell = AbsCell.Null; - } else { - UUID id = UUID.fromString(a.getId()); - tsCell = new RefCell(createdDF.format((id.timestamp() - NUM_100NS_INTERVALS_SINCE_UUID_EPOCH)/10000), - RequestDetail.HREF + "?ticket=" + a.getTicket()); - prevTicket = ticket; - } - - AbsCell approverCell = null; - if (approver.endsWith(CSP_ATT_COM)) { - approverCell = new RefCell(approver, WEBPHONE + approverShort); - } else { - approverCell = new TextCell(approver); - } - AbsCell[] sa = new AbsCell[] { - tsCell, - new TextCell(a.getStatus()), - new TextCell(a.getMemo()), - approverCell - }; - rv.add(sa); - } - } - } else { - gui.writeError(trans, fa, null); - } - } finally { - tt.done(); - } - - - return null; - } - }); - } catch (Exception e) { - trans.error().log(e); - } - return new Cells(rv,null); - } - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/PermDetail.java b/authz-gui/src/main/java/com/att/authz/gui/pages/PermDetail.java deleted file mode 100644 index ad26674f..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/PermDetail.java +++ /dev/null @@ -1,138 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; -import java.net.ConnectException; -import java.util.ArrayList; -import java.util.List; - -import com.att.aft.dme2.internal.jetty.http.HttpStatus; -import com.att.authz.env.AuthzEnv; -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.Page; -import com.att.authz.gui.Table; -import com.att.authz.gui.Table.Cells; -import com.att.authz.gui.table.AbsCell; -import com.att.authz.gui.table.RefCell; -import com.att.authz.gui.table.TextCell; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TimeTaken; - -import aaf.v2_0.Perm; -import aaf.v2_0.Perms; - -/** - * Detail Page for Permissions - * - */ -public class PermDetail extends Page { - public static final String HREF = "/gui/permdetail"; - public static final String NAME = "PermDetail"; - private static final String BLANK = ""; - - public PermDetail(final AuthGUI gui, Page ... breadcrumbs) throws APIException, IOException { - super(gui.env, NAME, HREF, new String[] {"type","instance","action"}, - new BreadCrumbs(breadcrumbs), - new Table("Permission Details",gui.env.newTransNoAvg(),new Model(gui.env()),"class=detail") - ); - } - - /** - * Implement the table content for Permissions Detail - * - * - */ - private static class Model implements Table.Data { - private static final String[] headers = new String[0]; - private Slot type, instance, action; - public Model(AuthzEnv env) { - type = env.slot(NAME+".type"); - instance = env.slot(NAME+".instance"); - action = env.slot(NAME+".action"); - } - - @Override - public String[] headers() { - return headers; - } - - @Override - public Cells get(final AuthGUI gui, final AuthzTrans trans) { - final String pType = trans.get(type, null); - final String pInstance = trans.get(instance, null); - final String pAction = trans.get(action, null); - if(pType==null || pInstance==null || pAction==null) { - return Cells.EMPTY; - } - ArrayList rv = new ArrayList(); - rv.add(new AbsCell[]{new TextCell("Type:"),new TextCell(pType)}); - rv.add(new AbsCell[]{new TextCell("Instance:"),new TextCell(pInstance)}); - rv.add(new AbsCell[]{new TextCell("Action:"),new TextCell(pAction)}); - try { - gui.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Void code(Rcli client)throws CadiException, ConnectException, APIException { - TimeTaken tt = trans.start("AAF Perm Details",Env.REMOTE); - try { - Future fp= client.read("/authz/perms/"+pType + '/' + pInstance + '/' + pAction,gui.permsDF); - - if(fp.get(AuthGUI.TIMEOUT)) { - tt.done(); - tt = trans.start("Load Data", Env.SUB); - List ps = fp.value.getPerm(); - if(!ps.isEmpty()) { - Perm perm = fp.value.getPerm().get(0); - String desc = (perm.getDescription()!=null?perm.getDescription():BLANK); - rv.add(new AbsCell[]{new TextCell("Description:"),new TextCell(desc)}); - boolean first=true; - for(String r : perm.getRoles()) { - if(first){ - first=false; - rv.add(new AbsCell[] { - new TextCell("Associated Roles:"), - new TextCell(r) - }); - } else { - rv.add(new AbsCell[] { - AbsCell.Null, - new TextCell(r) - }); - } - } - } - String historyLink = PermHistory.HREF - + "?type=" + pType + "&instance=" + pInstance + "&action=" + pAction; - - rv.add(new AbsCell[] {new RefCell("See History",historyLink)}); - } else { - rv.add(new AbsCell[] {new TextCell( - fp.code()==HttpStatus.NOT_FOUND_404? - "*** Implicit Permission ***": - "*** Data Unavailable ***" - )}); - } - } finally { - tt.done(); - } - - return null; - } - }); - } catch (Exception e) { - e.printStackTrace(); - } - return new Cells(rv,null); - } - } -} - \ No newline at end of file diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/PermGrantAction.java b/authz-gui/src/main/java/com/att/authz/gui/pages/PermGrantAction.java deleted file mode 100644 index 3fa6508e..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/PermGrantAction.java +++ /dev/null @@ -1,117 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; -import java.net.ConnectException; - -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TimeTaken; -import com.att.xgen.Cache; -import com.att.xgen.DynamicCode; -import com.att.xgen.html.HTMLGen; - -import aaf.v2_0.Pkey; -import aaf.v2_0.RolePermRequest; - -public class PermGrantAction extends Page { - - - public PermGrantAction(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env,PermGrantForm.NAME, PermGrantForm.HREF, PermGrantForm.fields, - new BreadCrumbs(breadcrumbs), - new NamedCode(true,"content") { - final Slot sType = gui.env.slot(PermGrantForm.NAME+'.'+PermGrantForm.fields[0]); - final Slot sInstance = gui.env.slot(PermGrantForm.NAME+'.'+PermGrantForm.fields[1]); - final Slot sAction = gui.env.slot(PermGrantForm.NAME+'.'+PermGrantForm.fields[2]); - final Slot sRole = gui.env.slot(PermGrantForm.NAME+'.'+PermGrantForm.fields[3]); - - @Override - public void code(Cache cache, HTMLGen hgen) throws APIException, IOException { - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(final AuthGUI gui, final AuthzTrans trans,Cache cache, HTMLGen hgen) throws APIException, IOException { - - String type = trans.get(sType,null); - String instance = trans.get(sInstance,null); - String action = trans.get(sAction,null); - String role = trans.get(sRole,null); - - String lastPage = PermGrantForm.HREF - + "?type=" + type + "&instance=" + instance + "&action=" + action; - - // Run Validations - boolean fail = true; - - TimeTaken tt = trans.start("AAF Grant Permission to Role",Env.REMOTE); - try { - - final RolePermRequest grantReq = new RolePermRequest(); - Pkey pkey = new Pkey(); - pkey.setType(type); - pkey.setInstance(instance); - pkey.setAction(action); - grantReq.setPerm(pkey); - grantReq.setRole(role); - - fail = gui.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Boolean code(Rcli client) throws CadiException, ConnectException, APIException { - boolean fail = true; - Future fgrant = client.create( - "/authz/role/perm", - gui.rolePermReqDF, - grantReq - ); - - if(fgrant.get(5000)) { - hgen.p("Permission has been granted to role."); - fail = false; - } else { - if (202==fgrant.code()) { - hgen.p("Permission Grant Request sent, but must be Approved before actualizing"); - fail = false; - } else { - gui.writeError(trans, fgrant, hgen); - } - } - return fail; - } - }); - } catch (Exception e) { - hgen.p("Unknown Error"); - e.printStackTrace(); - } finally { - tt.done(); - } - - hgen.br(); - hgen.incr("a",true,"href="+lastPage); - if (fail) { - hgen.text("Try again"); - } else { - hgen.text("Grant this Permission to Another Role"); - } - hgen.end(); - hgen.js() - .text("alterLink('permgrant', '"+lastPage + "');") - .done(); - - } - }); - } - }); - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/PermGrantForm.java b/authz-gui/src/main/java/com/att/authz/gui/pages/PermGrantForm.java deleted file mode 100644 index b3b51f63..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/PermGrantForm.java +++ /dev/null @@ -1,139 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import static com.att.xgen.html.HTMLGen.TABLE; - -import java.io.IOException; -import java.net.ConnectException; -import java.util.ArrayList; -import java.util.List; - -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TimeTaken; -import com.att.xgen.Cache; -import com.att.xgen.DynamicCode; -import com.att.xgen.Mark; -import com.att.xgen.html.HTMLGen; - -import aaf.v2_0.Role; -import aaf.v2_0.Roles; - -public class PermGrantForm extends Page { - static final String HREF = "/gui/permgrant"; - static final String NAME = "Permission Grant"; - static final String fields[] = {"type","instance","action","role"}; - - public PermGrantForm(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env,NAME,HREF, fields, - new BreadCrumbs(breadcrumbs), - new NamedCode(true,"content") { - @Override - public void code(final Cache cache, final HTMLGen hgen) throws APIException, IOException { - final Slot type = gui.env.slot(NAME+".type"); - final Slot instance = gui.env.slot(NAME+".instance"); - final Slot action = gui.env.slot(NAME+".action"); - final Slot role = gui.env.slot(NAME+".role"); - // p tags not closing right using .p() - causes issues in IE8 password form - so using leaf for the moment - hgen.leaf("p").text("Choose a role to grant to this permission").end() - .incr("form","method=post"); - Mark table = new Mark(TABLE); - hgen.incr(table); - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(AuthGUI gui, AuthzTrans trans, Cache cache, HTMLGen hgen) throws APIException, IOException { - - Mark copyRoleJS = new Mark(); - hgen.js(copyRoleJS); - hgen.text("function copyRole(role) {"); - hgen.text("var txtRole = document.querySelector(\"#role\");"); -// hgen.text("if (role==;"); - hgen.text("txtRole.value=role;"); - hgen.text("}"); - hgen.end(copyRoleJS); - - String typeValue = trans.get(type, ""); - String instanceValue = trans.get(instance, ""); - String actionValue = trans.get(action, ""); - String roleValue = trans.get(role,null); - List myRoles = getMyRoles(gui, trans); - hgen - .input(fields[0],"Perm Type",true,"value="+typeValue,"disabled") - .input(fields[1],"Perm Instance",true,"value="+instanceValue,"disabled") - .input(fields[2],"Perm Action",true,"value="+actionValue,"disabled"); - - // select & options are not an input type, so we must create table row & cell tags - Mark selectRow = new Mark(); - hgen - .incr(selectRow, "tr") - .incr("td") - .incr("label", "for=myroles", "required").text("My Roles").end() - .end() - .incr("td") - .incr("select", "name=myroles", "id=myroles", "onchange=copyRole(this.value)") - .incr("option", "value=").text("Select one of my roles").end(); - for (String role : myRoles) { - hgen.incr("option", "value="+role).text(role).end(); - } - hgen - .incr("option", "value=").text("Other").end() - .end(selectRow); - if(roleValue==null) { - hgen.input(fields[3],"Role", true, "placeholder=or type a role here"); - } else { - hgen.input(fields[3],"Role",true, "value="+roleValue); - } - hgen.end(); - } - }); - hgen.end(); - hgen.tagOnly("input", "type=submit", "value=Submit") - .end(); - - } - }); - } - - private static List getMyRoles(final AuthGUI gui, final AuthzTrans trans) { - List myRoles = new ArrayList(); - try { - gui.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Void code(Rcli client) throws CadiException, ConnectException, APIException { - TimeTaken tt = trans.start("AAF get my roles",Env.REMOTE); - try { - Future fr = client.read("/authz/roles/user/"+trans.user(),gui.rolesDF); - if(fr.get(5000)) { - tt.done(); - tt = trans.start("Load Data", Env.SUB); - if (fr.value != null) for (Role r : fr.value.getRole()) { - myRoles.add(r.getName()); - } - } else { - gui.writeError(trans, fr, null); - } - } finally { - tt.done(); - } - return null; - } - }); - } catch (Exception e) { - e.printStackTrace(); - } - - return myRoles; - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/PermHistory.java b/authz-gui/src/main/java/com/att/authz/gui/pages/PermHistory.java deleted file mode 100644 index f360b0d5..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/PermHistory.java +++ /dev/null @@ -1,223 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - - -import java.io.IOException; -import java.net.ConnectException; -import java.util.ArrayList; -import java.util.Calendar; -import java.util.Comparator; -import java.util.List; - -import com.att.authz.env.AuthzEnv; -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import com.att.authz.gui.Table; -import com.att.authz.gui.Table.Cells; -import com.att.authz.gui.table.AbsCell; -import com.att.authz.gui.table.RefCell; -import com.att.authz.gui.table.TextCell; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TimeTaken; -import com.att.xgen.Cache; -import com.att.xgen.DynamicCode; -import com.att.xgen.html.HTMLGen; - -import aaf.v2_0.History; -import aaf.v2_0.History.Item; - - -public class PermHistory extends Page { - static final String NAME="PermHistory"; - static final String HREF = "/gui/permHistory"; - static final String FIELDS[] = {"type","instance","action","dates"}; - static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id="; - static enum Month { JANUARY, FEBRUARY, MARCH, APRIL, MAY, JUNE, JULY, - AUGUST, SEPTEMBER, OCTOBER, NOVEMBER, DECEMBER }; - - public PermHistory(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env,NAME,HREF, FIELDS, - new BreadCrumbs(breadcrumbs), - new Table("History", gui.env.newTransNoAvg(),new Model(gui.env()),"class=std"), - new NamedCode(true, "content") { - @Override - public void code(final Cache cache, final HTMLGen hgen) throws APIException, IOException { - final Slot sType = gui.env.slot(NAME+".type"); - final Slot sInstance = gui.env.slot(NAME+".instance"); - final Slot sAction = gui.env.slot(NAME+".action"); - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(AuthGUI gui, AuthzTrans trans, Cache cache, HTMLGen hgen) throws APIException, IOException { - String type = trans.get(sType, null); - String instance = trans.get(sInstance,null); - String action = trans.get(sAction,null); - - // Use Javascript to make the table title more descriptive - hgen.js() - .text("var caption = document.querySelector(\".title\");") - .text("caption.innerHTML='History for Permission [ " + type + " ]';") - .done(); - - // Use Javascript to change Link Target to our last visited Detail page - String lastPage = PermDetail.HREF + "?type=" + type - + "&instance=" + instance - + "&action=" + action; - hgen.js() - .text("alterLink('permdetail', '"+lastPage + "');") - .done(); - - hgen.br(); - hgen.leaf("a", "href=#advanced_search", "onclick=divVisibility('advanced_search');").text("Advanced Search").end() - .divID("advanced_search", "style=display:none"); - hgen.incr("table"); - - addDateRow(hgen,"Start Date"); - addDateRow(hgen,"End Date"); - hgen.incr("tr").incr("td"); - hgen.tagOnly("input", "type=button","value=Get History", - "onclick=datesURL('"+HREF+"?type=" + type - + "&instance=" + instance - + "&action=" + action+"');"); - hgen.end().end(); - hgen.end(); - hgen.end(); - } - }); - } - } - - ); - - } - - private static void addDateRow(HTMLGen hgen, String s) { - hgen - .incr("tr") - .incr("td") - .incr("label", "for=month", "required").text(s+"*").end() - .end() - .incr("td") - .incr("select", "name=month"+s.substring(0, s.indexOf(' ')), "id=month"+s.substring(0, s.indexOf(' ')), "required") - .incr("option", "value=").text("Month").end(); - for (Month m : Month.values()) { - if (Calendar.getInstance().get(Calendar.MONTH) == m.ordinal()) { - hgen.incr("option", "selected", "value="+(m.ordinal()+1)).text(m.name()).end(); - } else { - hgen.incr("option", "value="+(m.ordinal()+1)).text(m.name()).end(); - } - } - hgen.end() - .end() - .incr("td") - .tagOnly("input","type=number","id=year"+s.substring(0, s.indexOf(' ')),"required", - "value="+Calendar.getInstance().get(Calendar.YEAR), "min=1900", - "max="+Calendar.getInstance().get(Calendar.YEAR), - "placeholder=Year").end() - .end(); - } - - /** - * Implement the Table Content for History - * - * - */ - private static class Model implements Table.Data { - private static final String CSP_ATT_COM = "@csp.att.com"; - private static final String[] headers = new String[] {"Date","User","Memo"}; - private Slot sType; - private Slot sDates; - - public Model(AuthzEnv env) { - sType = env.slot(NAME+".type"); - sDates = env.slot(NAME+".dates"); - } - - @Override - public String[] headers() { - return headers; - } - - @Override - public Cells get(final AuthGUI gui, final AuthzTrans trans) { - final String oName = trans.get(sType,null); - final String oDates = trans.get(sDates,null); - - if(oName==null) { - return Cells.EMPTY; - } - - ArrayList rv = new ArrayList(); - String msg = null; - try { - gui.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Void code(Rcli client) throws CadiException, ConnectException, APIException { - TimeTaken tt = trans.start("AAF Get History for Permission ["+oName+"]",Env.REMOTE); - try { - if (oDates != null) { - client.setQueryParams("yyyymm="+oDates); - } - Future fh = client.read( - "/authz/hist/perm/"+oName, - gui.historyDF - ); - - - if (fh.get(AuthGUI.TIMEOUT)) { - tt.done(); - tt = trans.start("Load History Data", Env.SUB); - List histItems = fh.value.getItem(); - - java.util.Collections.sort(histItems, new Comparator() { - @Override - public int compare(Item o1, Item o2) { - return o2.getTimestamp().compare(o1.getTimestamp()); - } - }); - - for (Item i : histItems) { - String user = i.getUser(); - AbsCell userCell = (user.endsWith(CSP_ATT_COM)? - new RefCell(user,WEBPHONE + user.substring(0,user.indexOf('@'))):new TextCell(user)); - - rv.add(new AbsCell[] { - new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()), - userCell, - new TextCell(i.getMemo()) - }); - } - - } else { - if (fh.code()==403) { - rv.add(new AbsCell[] {new TextCell("You may not view History of Permission [" + oName + "]", "colspan = 3", "class=center")}); - } else { - rv.add(new AbsCell[] {new TextCell("*** Data Unavailable ***", "colspan = 3", "class=center")}); - } - } - } finally { - tt.done(); - } - - return null; - } - }); - - } catch (Exception e) { - trans.error().log(e); - } - return new Cells(rv,msg); - } - } - -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/PermsShow.java b/authz-gui/src/main/java/com/att/authz/gui/pages/PermsShow.java deleted file mode 100644 index 1bd3301c..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/PermsShow.java +++ /dev/null @@ -1,99 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; -import java.net.ConnectException; -import java.util.ArrayList; - -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.Page; -import com.att.authz.gui.Table; -import com.att.authz.gui.Table.Cells; -import com.att.authz.gui.table.AbsCell; -import com.att.authz.gui.table.RefCell; -import com.att.authz.gui.table.TextCell; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.TimeTaken; - -import aaf.v2_0.Perm; -import aaf.v2_0.Perms; - -/** - * Page content for My Permissions - * - * - */ -public class PermsShow extends Page { - public static final String HREF = "/gui/myperms"; - - public PermsShow(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env, "MyPerms",HREF, NO_FIELDS, - new BreadCrumbs(breadcrumbs), - new Table("Permissions",gui.env.newTransNoAvg(),new Model(), "class=std")); - } - - /** - * Implement the Table Content for Permissions by User - * - * - */ - private static class Model implements Table.Data { - private static final String[] headers = new String[] {"Type","Instance","Action"}; - - @Override - public String[] headers() { - return headers; - } - - @Override - public Cells get(final AuthGUI gui, final AuthzTrans trans) { - ArrayList rv = new ArrayList(); - TimeTaken tt = trans.start("AAF Perms by User",Env.REMOTE); - try { - gui.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Void code(Rcli client) throws CadiException, ConnectException, APIException { - Future fp = client.read("/authz/perms/user/"+trans.user(), gui.permsDF); - if(fp.get(5000)) { - TimeTaken ttld = trans.start("Load Data", Env.SUB); - try { - if(fp.value!=null) { - for(Perm p : fp.value.getPerm()) { - AbsCell[] sa = new AbsCell[] { - new RefCell(p.getType(),PermDetail.HREF - +"?type="+p.getType() - +"&instance="+p.getInstance() - +"&action="+p.getAction()), - new TextCell(p.getInstance()), - new TextCell(p.getAction()) - }; - rv.add(sa); - } - } else { - gui.writeError(trans, fp, null); - } - } finally { - ttld.done(); - } - } - return null; - } - }); - } catch (Exception e) { - trans.error().log(e); - } finally { - tt.done(); - } - return new Cells(rv,null); - } - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/RequestDetail.java b/authz-gui/src/main/java/com/att/authz/gui/pages/RequestDetail.java deleted file mode 100644 index 43c21328..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/RequestDetail.java +++ /dev/null @@ -1,176 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; -import java.net.ConnectException; -import java.text.DateFormat; -import java.text.SimpleDateFormat; -import java.util.ArrayList; -import java.util.UUID; - -import com.att.authz.env.AuthzEnv; -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.Page; -import com.att.authz.gui.Table; -import com.att.authz.gui.Table.Cells; -import com.att.authz.gui.table.AbsCell; -import com.att.authz.gui.table.RefCell; -import com.att.authz.gui.table.TextCell; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TimeTaken; - -import aaf.v2_0.Approval; -import aaf.v2_0.Approvals; - -public class RequestDetail extends Page { - public static final String HREF = "/gui/requestdetail"; - public static final String NAME = "RequestDetail"; - private static final String DATE_TIME_FORMAT = "yyyy-MM-dd HH:mm:ss"; - public static final String[] FIELDS = {"ticket"}; - - public RequestDetail(final AuthGUI gui, Page ... breadcrumbs) throws APIException, IOException { - super(gui.env, NAME, HREF, FIELDS, - new BreadCrumbs(breadcrumbs), - new Table("Request Details",gui.env.newTransNoAvg(),new Model(gui.env()),"class=detail") - ); - } - - /** - * Implement the table content for Request Detail - * - * - */ - private static class Model implements Table.Data { - static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id="; - private static final String CSP_ATT_COM = "@csp.att.com"; - final long NUM_100NS_INTERVALS_SINCE_UUID_EPOCH = 0x01b21dd213814000L; - private static final String[] headers = new String[0]; - private Slot sTicket; - public Model(AuthzEnv env) { - sTicket = env.slot(NAME+".ticket"); - } - - @Override - public String[] headers() { - return headers; - } - - @Override - public Cells get(final AuthGUI gui, final AuthzTrans trans) { - Cells rv=Cells.EMPTY; - final String ticket = trans.get(sTicket, null); - if(ticket!=null) { - try { - rv = gui.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Cells code(Rcli client) throws CadiException, ConnectException, APIException { - TimeTaken tt = trans.start("AAF Approval Details",Env.REMOTE); - ArrayList rv = new ArrayList(); - try { - Future fa = client.read( - "/authz/approval/ticket/"+ticket, - gui.approvalsDF - ); - - if(fa.get(AuthGUI.TIMEOUT)) { - if (!trans.user().equals(fa.value.getApprovals().get(0).getUser())) { - return Cells.EMPTY; - } - tt.done(); - tt = trans.start("Load Data", Env.SUB); - boolean first = true; - for ( Approval approval : fa.value.getApprovals()) { - AbsCell[] approverLine = new AbsCell[4]; - // only print common elements once - if (first) { - DateFormat createdDF = new SimpleDateFormat(DATE_TIME_FORMAT); - UUID id = UUID.fromString(approval.getId()); - - rv.add(new AbsCell[]{new TextCell("Ticket ID:"),new TextCell(approval.getTicket(),"colspan=3")}); - rv.add(new AbsCell[]{new TextCell("Memo:"),new TextCell(approval.getMemo(),"colspan=3")}); - rv.add(new AbsCell[]{new TextCell("Requested On:"), - new TextCell(createdDF.format((id.timestamp() - NUM_100NS_INTERVALS_SINCE_UUID_EPOCH)/10000),"colspan=3") - }); - rv.add(new AbsCell[]{new TextCell("Operation:"),new TextCell(decodeOp(approval.getOperation()),"colspan=3")}); - String user = approval.getUser(); - if (user.endsWith(CSP_ATT_COM)) { - rv.add(new AbsCell[]{new TextCell("User:"), - new RefCell(user,WEBPHONE + user.substring(0, user.indexOf("@")),"colspan=3")}); - } else { - rv.add(new AbsCell[]{new TextCell("User:"),new TextCell(user,"colspan=3")}); - } - - // headers for listing each approver - rv.add(new AbsCell[]{new TextCell(" ","colspan=4","class=blank_line")}); - rv.add(new AbsCell[]{AbsCell.Null, - new TextCell("Approver","class=bold"), - new TextCell("Type","class=bold"), - new TextCell("Status","class=bold")}); - approverLine[0] = new TextCell("Approvals:"); - - first = false; - } else { - approverLine[0] = AbsCell.Null; - } - - String approver = approval.getApprover(); - String approverShort = approver.substring(0,approver.indexOf('@')); - - if (approver.endsWith(CSP_ATT_COM)) { - approverLine[1] = new RefCell(approver, WEBPHONE + approverShort); - } else { - approverLine[1] = new TextCell(approval.getApprover()); - } - - String type = approval.getType(); - if ("owner".equalsIgnoreCase(type)) { - type = "resource owner"; - } - - approverLine[2] = new TextCell(type); - approverLine[3] = new TextCell(approval.getStatus()); - rv.add(approverLine); - - } - } else { - rv.add(new AbsCell[] {new TextCell("*** Data Unavailable ***")}); - } - } finally { - tt.done(); - } - return new Cells(rv,null); - } - }); - } catch (Exception e) { - trans.error().log(e); - } - } - return rv; - } - - private String decodeOp(String operation) { - if ("C".equalsIgnoreCase(operation)) { - return "Create"; - } else if ("D".equalsIgnoreCase(operation)) { - return "Delete"; - } else if ("U".equalsIgnoreCase(operation)) { - return "Update"; - } else if ("G".equalsIgnoreCase(operation)) { - return "Grant"; - } else if ("UG".equalsIgnoreCase(operation)) { - return "Un-Grant"; - } - return operation; - } - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/RoleDetail.java b/authz-gui/src/main/java/com/att/authz/gui/pages/RoleDetail.java deleted file mode 100644 index d45813eb..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/RoleDetail.java +++ /dev/null @@ -1,130 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; -import java.net.ConnectException; -import java.util.ArrayList; - -import com.att.authz.env.AuthzEnv; -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.Page; -import com.att.authz.gui.Table; -import com.att.authz.gui.Table.Cells; -import com.att.authz.gui.table.AbsCell; -import com.att.authz.gui.table.RefCell; -import com.att.authz.gui.table.TextCell; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TimeTaken; - -import aaf.v2_0.Pkey; -import aaf.v2_0.Role; -import aaf.v2_0.Roles; - -/** - * Detail Page for Permissions - * - * - */ -public class RoleDetail extends Page { - public static final String HREF = "/gui/roledetail"; - public static final String NAME = "RoleDetail"; - private static final String BLANK = ""; - - public RoleDetail(final AuthGUI gui, Page ... breadcrumbs) throws APIException, IOException { - super(gui.env, NAME, HREF, new String[] {"role"}, - new BreadCrumbs(breadcrumbs), - new Table("Role Details",gui.env.newTransNoAvg(),new Model(gui.env()),"class=detail") - ); - } - - /** - * Implement the table content for Permissions Detail - * - * - */ - private static class Model implements Table.Data { - private static final String[] headers = new String[0]; - private Slot role; - public Model(AuthzEnv env) { - role = env.slot(NAME+".role"); - } - - @Override - public String[] headers() { - return headers; - } - - @Override - public Cells get(final AuthGUI gui, final AuthzTrans trans) { - final String pRole = trans.get(role, null); - Cells rv = Cells.EMPTY; - if(pRole!=null) { - try { - rv = gui.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Cells code(Rcli client) throws CadiException, ConnectException, APIException { - ArrayList rv = new ArrayList(); - rv.add(new AbsCell[]{new TextCell("Role:"),new TextCell(pRole)}); - - TimeTaken tt = trans.start("AAF Role Details",Env.REMOTE); - try { - - Future fr = client.read("/authz/roles/"+pRole,gui.rolesDF); - if(fr.get(AuthGUI.TIMEOUT)) { - tt.done(); - tt = trans.start("Load Data", Env.SUB); - Role role = fr.value.getRole().get(0); - String desc = (role.getDescription()!=null?role.getDescription():BLANK); - rv.add(new AbsCell[]{new TextCell("Description:"),new TextCell(desc)}); - boolean first=true; - for(Pkey r : role.getPerms()) { - if(first){ - first=false; - rv.add(new AbsCell[] { - new TextCell("Associated Permissions:"), - new TextCell(r.getType() + - " | " + r.getInstance() + - " | " + r.getAction() - ) - }); - } else { - rv.add(new AbsCell[] { - AbsCell.Null, - new TextCell(r.getType() + - " | " + r.getInstance() + - " | " + r.getAction() - ) - }); - } - } - String historyLink = RoleHistory.HREF - + "?role=" + pRole; - rv.add(new AbsCell[] {new RefCell("See History",historyLink)}); - } else { - rv.add(new AbsCell[] {new TextCell("*** Data Unavailable ***")}); - } - } finally { - tt.done(); - } - return new Cells(rv,null); - } - }); - } catch (Exception e) { - trans.error().log(e); - } - } - return rv; - } - } -} - \ No newline at end of file diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/RoleHistory.java b/authz-gui/src/main/java/com/att/authz/gui/pages/RoleHistory.java deleted file mode 100644 index 85311329..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/RoleHistory.java +++ /dev/null @@ -1,208 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - - -import java.io.IOException; -import java.net.ConnectException; -import java.util.ArrayList; -import java.util.Calendar; -import java.util.Comparator; -import java.util.List; - -import com.att.authz.env.AuthzEnv; -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import com.att.authz.gui.Table; -import com.att.authz.gui.Table.Cells; -import com.att.authz.gui.table.AbsCell; -import com.att.authz.gui.table.RefCell; -import com.att.authz.gui.table.TextCell; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TimeTaken; -import com.att.xgen.Cache; -import com.att.xgen.DynamicCode; -import com.att.xgen.html.HTMLGen; - -import aaf.v2_0.History; -import aaf.v2_0.History.Item; - - -public class RoleHistory extends Page { - static final String NAME="RoleHistory"; - static final String HREF = "/gui/roleHistory"; - static final String FIELDS[] = {"role","dates"}; - static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id="; - static enum Month { JANUARY, FEBRUARY, MARCH, APRIL, MAY, JUNE, JULY, - AUGUST, SEPTEMBER, OCTOBER, NOVEMBER, DECEMBER }; - - public RoleHistory(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env,NAME,HREF, FIELDS, - new BreadCrumbs(breadcrumbs), - new Table("History", gui.env.newTransNoAvg(),new Model(gui.env()),"class=std"), - new NamedCode(true, "content") { - @Override - public void code(final Cache cache, final HTMLGen hgen) throws APIException, IOException { - final Slot role = gui.env.slot(NAME+".role"); - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(AuthGUI gui, AuthzTrans trans, Cache cache, HTMLGen hgen) throws APIException, IOException { - String obRole = trans.get(role, null); - - // Use Javascript to make the table title more descriptive - hgen.js() - .text("var caption = document.querySelector(\".title\");") - .text("caption.innerHTML='History for Role [ " + obRole + " ]';") - .done(); - - // Use Javascript to change Link Target to our last visited Detail page - String lastPage = RoleDetail.HREF + "?role=" + obRole; - hgen.js() - .text("alterLink('roledetail', '"+lastPage + "');") - .done(); - - hgen.br(); - hgen.leaf("a", "href=#advanced_search","onclick=divVisibility('advanced_search');").text("Advanced Search").end() - .divID("advanced_search", "style=display:none"); - hgen.incr("table"); - - addDateRow(hgen,"Start Date"); - addDateRow(hgen,"End Date"); - hgen.incr("tr").incr("td"); - hgen.tagOnly("input", "type=button","value=Get History", - "onclick=datesURL('"+HREF+"?role=" + obRole+"');"); - hgen.end().end(); - hgen.end(); - hgen.end(); - } - }); - } - } - - ); - - } - - private static void addDateRow(HTMLGen hgen, String s) { - hgen - .incr("tr") - .incr("td") - .incr("label", "for=month", "required").text(s+"*").end() - .end() - .incr("td") - .incr("select", "name=month"+s.substring(0, s.indexOf(' ')), "id=month"+s.substring(0, s.indexOf(' ')), "required") - .incr("option", "value=").text("Month").end(); - for (Month m : Month.values()) { - if (Calendar.getInstance().get(Calendar.MONTH) == m.ordinal()) { - hgen.incr("option", "selected", "value="+(m.ordinal()+1)).text(m.name()).end(); - } else { - hgen.incr("option", "value="+(m.ordinal()+1)).text(m.name()).end(); - } - } - hgen.end() - .end() - .incr("td") - .tagOnly("input","type=number","id=year"+s.substring(0, s.indexOf(' ')),"required", - "value="+Calendar.getInstance().get(Calendar.YEAR), "min=1900", - "max="+Calendar.getInstance().get(Calendar.YEAR), - "placeholder=Year").end() - .end(); - } - - - /** - * Implement the Table Content for History - * - * - */ - private static class Model implements Table.Data { - private static final String CSP_ATT_COM = "@csp.att.com"; - private static final String[] headers = new String[] {"Date","User","Memo"}; - private Slot role; - private Slot dates; - - public Model(AuthzEnv env) { - role = env.slot(NAME+".role"); - dates = env.slot(NAME+".dates"); - } - - @Override - public String[] headers() { - return headers; - } - - @Override - public Cells get(final AuthGUI gui, final AuthzTrans trans) { - final String oName = trans.get(role,null); - final String oDates = trans.get(dates,null); - - Cells rv = Cells.EMPTY; - if(oName!=null) { - - try { - rv = gui.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Cells code(Rcli client) throws CadiException, ConnectException, APIException { - ArrayList rv = new ArrayList(); - TimeTaken tt = trans.start("AAF Get History for Namespace ["+oName+"]",Env.REMOTE); - String msg = null; - try { - if (oDates != null) { - client.setQueryParams("yyyymm="+oDates); - } - Future fh = client.read("/authz/hist/role/"+oName,gui.historyDF); - if (fh.get(AuthGUI.TIMEOUT)) { - tt.done(); - tt = trans.start("Load History Data", Env.SUB); - List histItems = fh.value.getItem(); - - java.util.Collections.sort(histItems, new Comparator() { - @Override - public int compare(Item o1, Item o2) { - return o2.getTimestamp().compare(o1.getTimestamp()); - } - }); - - for (Item i : histItems) { - String user = i.getUser(); - AbsCell userCell = (user.endsWith(CSP_ATT_COM)? - new RefCell(user,WEBPHONE + user.substring(0,user.indexOf('@'))):new TextCell(user)); - - rv.add(new AbsCell[] { - new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()), - userCell, - new TextCell(i.getMemo()) - }); - } - } else { - if (fh.code()==403) { - rv.add(new AbsCell[] {new TextCell("You may not view History of Permission [" + oName + "]", "colspan = 3", "class=center")}); - } else { - rv.add(new AbsCell[] {new TextCell("*** Data Unavailable ***", "colspan = 3", "class=center")}); - } - } - } finally { - tt.done(); - } - return new Cells(rv,msg); - } - }); - } catch (Exception e) { - trans.error().log(e); - } - } - return rv; - } - } - -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/RolesShow.java b/authz-gui/src/main/java/com/att/authz/gui/pages/RolesShow.java deleted file mode 100644 index 8b264dfe..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/RolesShow.java +++ /dev/null @@ -1,119 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; -import java.net.ConnectException; -import java.text.SimpleDateFormat; -import java.util.ArrayList; - -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.Page; -import com.att.authz.gui.Table; -import com.att.authz.gui.Table.Cells; -import com.att.authz.gui.table.AbsCell; -import com.att.authz.gui.table.RefCell; -import com.att.authz.gui.table.TextCell; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.TimeTaken; -import org.onap.aaf.inno.env.util.Chrono; - -import aaf.v2_0.UserRole; -import aaf.v2_0.UserRoles; - - -/** - * Page content for My Roles - * - * - */ -public class RolesShow extends Page { - public static final String HREF = "/gui/myroles"; - private static final String DATE_TIME_FORMAT = "yyyy-MM-dd"; - private static SimpleDateFormat expiresDF; - - static { - expiresDF = new SimpleDateFormat(DATE_TIME_FORMAT); - } - - public RolesShow(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env, "MyRoles",HREF, NO_FIELDS, - new BreadCrumbs(breadcrumbs), - new Table("Roles",gui.env.newTransNoAvg(),new Model(), "class=std")); - } - - /** - * Implement the Table Content for Permissions by User - * - * - */ - private static class Model implements Table.Data { - private static final String[] headers = new String[] {"Role","Expires","Remediation","Actions"}; - - @Override - public String[] headers() { - return headers; - } - - @Override - public Cells get(final AuthGUI gui, final AuthzTrans trans) { - Cells rv = Cells.EMPTY; - - try { - rv = gui.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Cells code(Rcli client) throws CadiException, ConnectException, APIException { - ArrayList rv = new ArrayList(); - TimeTaken tt = trans.start("AAF Roles by User",Env.REMOTE); - try { - Future fur = client.read("/authz/userRoles/user/"+trans.user(),gui.userrolesDF); - if (fur.get(5000)) { - if(fur.value != null) for (UserRole u : fur.value.getUserRole()) { - if(u.getExpires().compare(Chrono.timeStamp()) < 0) { - AbsCell[] sa = new AbsCell[] { - new TextCell(u.getRole() + "*", "class=expired"), - new TextCell(expiresDF.format(u.getExpires().toGregorianCalendar().getTime()),"class=expired"), - new RefCell("Extend", - UserRoleExtend.HREF + "?user="+trans.user()+"&role="+u.getRole(), - new String[]{"class=expired"}), - new RefCell("Remove", - UserRoleRemove.HREF + "?user="+trans.user()+"&role="+u.getRole(), - new String[]{"class=expired"}) - - }; - rv.add(sa); - } else { - AbsCell[] sa = new AbsCell[] { - new RefCell(u.getRole(), - RoleDetail.HREF+"?role="+u.getRole()), - new TextCell(expiresDF.format(u.getExpires().toGregorianCalendar().getTime())), - AbsCell.Null, - new RefCell("Remove", - UserRoleRemove.HREF + "?user="+trans.user()+"&role="+u.getRole()) - }; - rv.add(sa); - } - } - } - - } finally { - tt.done(); - } - return new Cells(rv,null); - } - }); - } catch (Exception e) { - trans.error().log(e); - } - return rv; - } - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/UserRoleExtend.java b/authz-gui/src/main/java/com/att/authz/gui/pages/UserRoleExtend.java deleted file mode 100644 index e54787b9..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/UserRoleExtend.java +++ /dev/null @@ -1,81 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; -import java.net.ConnectException; - -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TimeTaken; -import com.att.xgen.Cache; -import com.att.xgen.DynamicCode; -import com.att.xgen.html.HTMLGen; - -public class UserRoleExtend extends Page { - public static final String HREF = "/gui/urExtend"; - static final String NAME = "Extend User Role"; - static final String fields[] = {"user","role"}; - - public UserRoleExtend(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env,NAME, HREF, fields, - new BreadCrumbs(breadcrumbs), - new NamedCode(true, "content") { - @Override - public void code(final Cache cache, final HTMLGen hgen) throws APIException, IOException { - final Slot sUser = gui.env.slot(NAME+".user"); - final Slot sRole = gui.env.slot(NAME+".role"); - - - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(AuthGUI gui, AuthzTrans trans, Cache cache, HTMLGen hgen) throws APIException, IOException { - final String user = trans.get(sUser, ""); - final String role = trans.get(sRole, ""); - - TimeTaken tt = trans.start("Request to extend user role",Env.REMOTE); - try { - gui.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Void code(Rcli client)throws CadiException, ConnectException, APIException { - Future fv = client.setQueryParams("request=true").update("/authz/userRole/extend/"+user+"/"+role); - if(fv.get(5000)) { - // not sure if we'll ever hit this - hgen.p("Extended User ["+ user+"] in Role [" +role+"]"); - } else { - if (fv.code() == 202 ) { - hgen.p("User ["+ user+"] in Role [" +role+"] Extension sent for Approval"); - } else { - gui.writeError(trans, fv, hgen); - } - } - return null; - } - }); - } catch (Exception e) { - trans.error().log(e); - e.printStackTrace(); - } finally { - tt.done(); - } - - - } - }); - } - - }); - } -} - diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/UserRoleRemove.java b/authz-gui/src/main/java/com/att/authz/gui/pages/UserRoleRemove.java deleted file mode 100644 index fd2123c2..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/UserRoleRemove.java +++ /dev/null @@ -1,79 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; -import java.net.ConnectException; - -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.Slot; -import org.onap.aaf.inno.env.TimeTaken; -import com.att.xgen.Cache; -import com.att.xgen.DynamicCode; -import com.att.xgen.html.HTMLGen; - -public class UserRoleRemove extends Page { - public static final String HREF = "/gui/urRemove"; - static final String NAME = "Remove User Role"; - static final String fields[] = {"user","role"}; - - public UserRoleRemove(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env,NAME, HREF, fields, - new BreadCrumbs(breadcrumbs), - new NamedCode(true, "content") { - @Override - public void code(final Cache cache, final HTMLGen hgen) throws APIException, IOException { - final Slot sUser = gui.env.slot(NAME+".user"); - final Slot sRole = gui.env.slot(NAME+".role"); - - - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(AuthGUI gui, AuthzTrans trans, Cache cache, HTMLGen hgen) throws APIException, IOException { - final String user = trans.get(sUser, ""); - final String role = trans.get(sRole, ""); - - TimeTaken tt = trans.start("Request a user role delete",Env.REMOTE); - try { - gui.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Void code(Rcli client) throws CadiException, ConnectException, APIException { - Future fv = client.setQueryParams("request=true").delete( - "/authz/userRole/"+user+"/"+role,Void.class); - - if(fv.get(5000)) { - // not sure if we'll ever hit this - hgen.p("User ["+ user+"] Removed from Role [" +role+"]"); - } else { - if (fv.code() == 202 ) { - hgen.p("User ["+ user+"] Removal from Role [" +role+"] sent for Approval"); - } else { - gui.writeError(trans, fv, hgen); - } - } - return null; - } - }); - } catch (Exception e) { - e.printStackTrace(); - } finally { - tt.done(); - } - } - }); - } - - }); - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/pages/WebCommand.java b/authz-gui/src/main/java/com/att/authz/gui/pages/WebCommand.java deleted file mode 100644 index 7c7bdb2d..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/pages/WebCommand.java +++ /dev/null @@ -1,101 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.pages; - -import java.io.IOException; - -import com.att.authz.env.AuthzTrans; -import com.att.authz.gui.AuthGUI; -import com.att.authz.gui.BreadCrumbs; -import com.att.authz.gui.NamedCode; -import com.att.authz.gui.Page; -import org.onap.aaf.inno.env.APIException; -import com.att.xgen.Cache; -import com.att.xgen.DynamicCode; -import com.att.xgen.Mark; -import com.att.xgen.html.HTMLGen; - -public class WebCommand extends Page { - public static final String HREF = "/gui/cui"; - - public WebCommand(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env, "Web Command Client",HREF, NO_FIELDS, - new BreadCrumbs(breadcrumbs), - new NamedCode(true, "content") { - @Override - public void code(Cache cache, HTMLGen hgen) throws APIException, IOException { - hgen.leaf("p","id=help_msg") - .text("Questions about this page? ") - .leaf("a", "href=http://wiki.web.att.com/display/aaf/Web+CUI+Usage", "target=_blank") - .text("Click here") - .end() - .text(". Type 'help' below for a list of AAF commands") - .end() - - .divID("console_and_options"); - hgen.divID("console_area"); - hgen.end(); //console_area - - hgen.divID("options_link", "class=closed"); - hgen.img("src=../../theme/options_down.png", "onclick=handleDivHiding('options',this);", - "id=options_img", "alt=Options", "title=Options") - .end(); //options_link - - hgen.divID("options"); - cache.dynamic(hgen, new DynamicCode() { - @Override - public void code(AuthGUI state, AuthzTrans trans, Cache cache, HTMLGen xgen) - throws APIException, IOException { - switch(browser(trans,trans.env().slot(getBrowserType()))) { - case ie: - case ieOld: - // IE doesn't support file save - break; - default: - xgen.img("src=../../theme/AAFdownload.png", "onclick=saveToFile();", - "alt=Save log to file", "title=Save log to file"); - } -// xgen.img("src=../../theme/AAFemail.png", "onclick=emailLog();", -// "alt=Email log to me", "title=Email log to me"); - xgen.img("src=../../theme/AAF_font_size.png", "onclick=handleDivHiding('text_slider',this);", - "id=fontsize_img", "alt=Change text size", "title=Change text size"); - xgen.img("src=../../theme/AAF_details.png", "onclick=selectOption(this,0);", - "id=details_img", "alt=Turn on/off details mode", "title=Turn on/off details mode"); - xgen.img("src=../../theme/AAF_maximize.png", "onclick=maximizeConsole(this);", - "id=maximize_img", "alt=Maximize Console Window", "title=Maximize Console Window"); - } - }); - - hgen.divID("text_slider"); - hgen.tagOnly("input", "type=button", "class=change_font", "onclick=buttonChangeFontSize('dec')", "value=-") - .tagOnly("input", "id=text_size_slider", "type=range", "min=75", "max=200", "value=100", - "oninput=changeFontSize(this.value)", "onchange=changeFontSize(this.value)", "title=Change Text Size") - .tagOnly("input", "type=button", "class=change_font", "onclick=buttonChangeFontSize('inc')", "value=+") - .end(); //text_slider - - hgen.end(); //options - hgen.end(); //console_and_options - - hgen.divID("input_area"); - hgen.tagOnly("input", "type=text", "id=command_field", - "autocomplete=off", "autocorrect=off", "autocapitalize=off", "spellcheck=false", - "onkeypress=keyPressed()", "placeholder=Type your AAFCLI commands here", "autofocus") - .tagOnly("input", "id=submit", "type=button", "value=Submit", - "onclick=http('put','../../gui/cui',getCommand(),callCUI);") - .end(); - - Mark callCUI = new Mark(); - hgen.js(callCUI); - hgen.text("function callCUI(resp) {") - .text("moveCommandToDiv();") - .text("printResponse(resp);") - .text("}"); - hgen.end(callCUI); - - } - }); - - } - -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/table/AbsCell.java b/authz-gui/src/main/java/com/att/authz/gui/table/AbsCell.java deleted file mode 100644 index eb91c22a..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/table/AbsCell.java +++ /dev/null @@ -1,27 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.table; - -import com.att.xgen.html.HTMLGen; - -public abstract class AbsCell { - private static final String[] NONE = new String[0]; - protected static final String[] CENTER = new String[]{"class=center"}; - - /** - * Write Cell Data with HTMLGen generator - * @param hgen - */ - public abstract void write(HTMLGen hgen); - - public final static AbsCell Null = new AbsCell() { - @Override - public void write(final HTMLGen hgen) { - } - }; - - public String[] attrs() { - return NONE; - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/table/ButtonCell.java b/authz-gui/src/main/java/com/att/authz/gui/table/ButtonCell.java deleted file mode 100644 index 4c270cfc..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/table/ButtonCell.java +++ /dev/null @@ -1,27 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.table; - -import com.att.xgen.html.HTMLGen; - -public class ButtonCell extends AbsCell { - private String[] attrs; - - public ButtonCell(String value, String ... attributes) { - attrs = new String[2+attributes.length]; - attrs[0]="type=button"; - attrs[1]="value="+value; - System.arraycopy(attributes, 0, attrs, 2, attributes.length); - } - @Override - public void write(HTMLGen hgen) { - hgen.incr("input",true,attrs).end(); - - } - - @Override - public String[] attrs() { - return AbsCell.CENTER; - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/table/RadioCell.java b/authz-gui/src/main/java/com/att/authz/gui/table/RadioCell.java deleted file mode 100644 index b4fa6440..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/table/RadioCell.java +++ /dev/null @@ -1,29 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.table; - -import com.att.xgen.html.HTMLGen; - -public class RadioCell extends AbsCell { - private String[] attrs; - - public RadioCell(String name, String radioClass, String value, String ... attributes) { - attrs = new String[4+attributes.length]; - attrs[0]="type=radio"; - attrs[1]="name="+name; - attrs[2]="class="+radioClass; - attrs[3]="value="+value; - System.arraycopy(attributes, 0, attrs, 4, attributes.length); - } - - @Override - public void write(HTMLGen hgen) { - hgen.incr("input",true,attrs).end(); - } - - @Override - public String[] attrs() { - return AbsCell.CENTER; - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/table/RefCell.java b/authz-gui/src/main/java/com/att/authz/gui/table/RefCell.java deleted file mode 100644 index 49719837..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/table/RefCell.java +++ /dev/null @@ -1,35 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.table; - -import static com.att.xgen.html.HTMLGen.A; - -import com.att.xgen.html.HTMLGen; - -/** - * Write a Reference Link into a Cell - * - */ -public class RefCell extends AbsCell { - public final String name; - public final String href; - private String[] attrs; - - public RefCell(String name, String href, String... attributes) { - attrs = new String[attributes.length]; - System.arraycopy(attributes, 0, attrs, 0, attributes.length); - this.name = name; - this.href = href; - } - - @Override - public void write(HTMLGen hgen) { - hgen.leaf(A,"href="+href).text(name); - } - - @Override - public String[] attrs() { - return attrs; - } -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/table/TextAndRefCell.java b/authz-gui/src/main/java/com/att/authz/gui/table/TextAndRefCell.java deleted file mode 100644 index 1c25361b..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/table/TextAndRefCell.java +++ /dev/null @@ -1,25 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.table; - -import static com.att.xgen.html.HTMLGen.A; - -import com.att.xgen.html.HTMLGen; - -public class TextAndRefCell extends RefCell { - - private String text; - - public TextAndRefCell(String text, String name, String href, String[] attributes) { - super(name, href, attributes); - this.text = text; - } - - @Override - public void write(HTMLGen hgen) { - hgen.text(text); - hgen.leaf(A,"href="+href).text(name); - } - -} diff --git a/authz-gui/src/main/java/com/att/authz/gui/table/TextCell.java b/authz-gui/src/main/java/com/att/authz/gui/table/TextCell.java deleted file mode 100644 index d0987920..00000000 --- a/authz-gui/src/main/java/com/att/authz/gui/table/TextCell.java +++ /dev/null @@ -1,31 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -package com.att.authz.gui.table; - -import com.att.xgen.html.HTMLGen; - -/** - * Write Simple Text into a Cell - * - */ -public class TextCell extends AbsCell { - public final String name; - private String[] attrs; - - public TextCell(String name, String... attributes) { - attrs = new String[attributes.length]; - System.arraycopy(attributes, 0, attrs, 0, attributes.length); - this.name = name; - } - - @Override - public void write(HTMLGen hgen) { - hgen.text(name); - } - - @Override - public String[] attrs() { - return attrs; - } -} diff --git a/authz-gui/theme/AAF_details.png b/authz-gui/theme/AAF_details.png deleted file mode 100644 index 5c187459255b22df00373dda3f2b8ae0b2059575..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmV;50(Jd~P)Px#1ZP1_K>z@;j|==^1poj532;bRa{vGmbN~PnbOGLGA9w%&0v}04K~zXf<(Azm z!%-N=CodP0T!@lf;Kq%6S4#Na!PokWb#e?M?0 z8UGK^e{7`^wR%xM`baDBMPtyHD3VA3V=ctsGiF2jhyf7y>qk%J)B%**tie<1E!wJ? zL+H-=5{|(I5cdn4GqY_WyIlwMZd}Zs+;puOF#_dw=&VnkkPMN4l98R9cAe?L1(E!C zeSWM7%4pS=jT@o@cwT++b*la?lf~hNm;%U`&XODF{x-nw_9BzhN7qd3RBIi^M# z)e7)%mVB{daz7}bbaXGjdnH;x`NTfL?AbVnkPx#1ZP1_K>z@;j|==^1poj532;bRa{vGmbN~PnbOGLGA9w%&1eHldK~z{r-B(>q z990zlc6N8@!U_nKp9K_!B4|rODG$~*txaiDkyI;b)x`KvQxl)8Hq}-P^{1L>qA{jE z_+sS6#8ew2rqncTjWPOw6$3^aTjL)Tq=_x%Z)ay`{mz};%L2>NNV6s$GVGn1bMHC# zJKs6?j3-7Zefb1N$1V801~MUb)WPzgiQ$f|@RYpN6B`)|!}NPIVO!g#CO{Kj2pm{4hMG9eH?lIif5$>14?cVA{r$ z>u%LH9%Aeh^8BV+z;U2ZT0oZMfH2*g(Y|oEiEO6jBf8+AX);fTCJo8dwkP-oFDuRvGMc7zVLNO^cA@9FhN14DYseT@~c7a-$&1g31fx~*PM-n*Uzv!e4MB>DDl zm`T0PljnelgUAGPpAL7N;C)=)Y`YzpjHC>~tV$@PlFAi6+=`?9Lx>XkT@B^%Jar7d zEI*8RRTDiw$J5kP@DktdpN3(0JV?~NN$$9PRY)5xJN!9@ud?r$bNbFgz~Q8AwZ&@E zk*|M6SMQ%{+}?E4EC@yK-g;M0gm%$ZU#hC$J@G5qxahpNtCEl4&%R>1Z`bYp^YCuHv)$ZNGjvXIpG9D_+Ibt+JSd> zG{6bZ98d}Y@w6b@k4hGmfsrxcqE0z^7w{XXWlbMtj!!XEq1|Bh?=lMT4nCN={3q?!-0000Px#1ZP1_K>z@;j|==^1poj532;bRa{vGmbN~PnbOGLGA9w%&0p>|WK~z{r#h1HI z!!Q(vkJH;i*h;I;6+27Es7O>Gb>IQIbtghXER+p8m4Vk_r&4(hB;J9`1}wb>pWJZV zIJPS{JyRl``2WuD6DNmwH0t*+@bx=`V!?tuVzFF7b*~KXx2HgAcN6d9dkW=JArI|X zV>VwxZNCE6C#^hhail;^)V4~gwiC_`{@#pPs4duZk5h>5*Fjnx2i`jN#zdN3$AdLs z(6*u3K7@XVK#-A7%fM3r5U$}x zF{3gVCo-`iu_w|(p$QdLGt!7a93R;tfDNO|E=-3GJk-Q=TLg$iZE)QHWK>@V$pL@? zxu77uMuH-<3HfG9Gcv7tgXeGy9B`|_Qk3qvVa?i|$a100000NkvXXu0mjfZv*?B diff --git a/authz-gui/theme/AAFdownload.png b/authz-gui/theme/AAFdownload.png deleted file mode 100644 index cebd95223478bf7168c05b5b2162d926ae31d98e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1834 zcmV+_2i5qAP)Px#1ZP1_K>z@;j|==^1poj532;bRa{vGmbN~PnbOGLGA9w%&2ER!}K~z{rwO4D1 zRaF%J_IcgMTpgX!e9f4Taq?A>rYWhQR7Cp2#0VsbAR>B685mLIk6uP3YCn2F)DNj2 zfuKeBt1u`S1yg!6=37V8nYlUldCoq&Z|!p@9i6MFxi9;kbI;j(t+m(s*0 zK792{6{k-W5yFAO|2>QqDBqr|(AMf>`Rp7f4@*PsIax5Te%^(S?+ehef#dw&%0=G! zBSl&xm-et^X%-t+v_h@ldCYA3=q$26?Q>mw{>0uJGsKj#4w1(GmJWl**!>ndKGLP(m`xF^WZs^fcE9l&)-q=R4355w~*V z5wrj2B78qd6R5$HkkLUkGMLkr#>0ym(Z_qo)Ycjo4LOb1KRttdq(NVz|J8+1mep1V zzbZWV>ZK#0R=j)C{N9I;-x0Lg-ZQ!FM+F%gN5WPVNUz$qbE%9(zSINiqY;sWU((R$Q%@#SOq5(a zT_(DY9mK})THgS^<{D-I*UFv&a^$ytCVF^fD6IEmEivOmKgr#M#l%v^lZ(aWxr~c> zZCT75pFwL=V!*(BNq)^3m&T0oDa@IYvN0ATtUU3Y;KKs622_fX1W*fKJYrIf0b+vD zScFHmda+7V3F|`aqR(i2@^mAnjmagdW3J^=B^20iO{{G(ld=7W65jaw6ozssGSQ1LH zPG>nAhWNl=Bf)1urq# zGeV^lq3@hVp%9V6`MVk-)Gk&o9!&$DJ!p=1hqYLY{o<&p2AY>G^xW4KkGG&G#pugyDk!RVKl`u3|zGzeu zmRew}Adeq8S+S^)r^UT_7N9Vs)egc61v6_FuI)s}p9PBn*|T}uX*{!~3qGnSmmHg3 zVHxNtRM1y&D2pT}*kS18Q`2bg>48J^K(9ru#IQ;*j>tK9@5u=$R;z5E(pdfW9~Q+- z9-b_Osk-Q{g!pOmG;|y|hsWPJj+>fgzY@67y)kCC=J4_(BT*_CdH`6x;Q)r_SjKCi zE3+0nxQHQ`%@7+>9XWite!_n;)O~v~wpsijIpCsP)eHe!GSPZI=ZR7Zy|^o!IW~=U=6735 z8k1TwXdjnF`^_0lY4I>)at`f$KBYB-$$U4tC5v0e11;7gG9)`h2b&pUK&Ehk?Vuzo zchUo=y9<_LB`rcy^O)f-cE2wk&`cR_w!k4au5xICRN7pLeXwjV#?iCl0XcQK3Oq2M z5NjQ-aEF z041XP*3mhrdtW+iA{HBAv{?H@tyDu9S8gn?J}`28s~){Y4|h-CpVO`1^_evvpTw-` z85SPaXO`a^IRs(76@_1ai?Qp?W+AZ9e6zcZFLo7CWeP}3bt4CB8JaU5o>-Q`?UQo& Y7c^3lExr!}S^xk507*qoM6N<$g5c0h;s5{u diff --git a/authz-gui/theme/AAFemail.png b/authz-gui/theme/AAFemail.png deleted file mode 100644 index 6d48776998fe16cdbbfdaade33e9be89b8663901..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2277 zcmVv00001b5ch_0Itp) z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGmbN~PnbOGLGA9w%&2zp6GK~z{rtypc0 zTvZu<&dkp4%r&)$!@ z_uS_^@B2RQdyeyLy@PjRyfh7D+5out&pCKr>6{mcFT%CXQ|!sT@Y8|^jS+=+^^o4v zJv-+G|8(gi{SaTHRzsmXi{j4?!1ccW4qq(I0G(O5G(ond;8H|j-4KRj7~Jl?!RCqB z8!UnssJQzE??(-w!RvYreyW1Lo*WTuKIGArhwEsE%cR-c;8Q%drDLFCF#)FYgv}-u z%K$7e36qH#3|K@KdDMBm4qqqGYR$T*g`L}ayGLgZ$Yqgg&%hI8N@hS8B4&5MS;_?(J*kHz?^{2RN*V^d06y`#g< z!E-yd^m- zKGo9+m(OxQ0pY{^sN;hI?PzNAQL$*&ZZ$bAQf;8n*^Uovd=vIoxgqw zPyY2RUOqR8_8dX92AMG#Gb%rHX66PW28)x4)u(3=vAfb#01F1qPM|b##PM8}CN_}Mh{{z1 zNd&Q9*sLt-)I)q2d!f&PQRnR2IhnZt|8jP6){~EYY!lXATtHR9(At_-Nh~CClfV+D z_&QcQIjcaLP)JV#EF);mt$8z!ZN^+V^)|1_v4Enx!U~m2hX2r{4S&7`OkE5-F@+S8&3y}m8VY*0P zWCS9j>^Mmedo;xiSRBPQyY|D~blm&e$SM5v8}|S!R={;L(j^g+3(0~aUAk#N>B7uP z9DW|iXHJb_c&f^Tbv`3mc4MTcd2jo-evgbMtf-brldNI@712Q#rHu?0jEvwtd-fu; zat++zcf4QSPa?a4`@eh?(<7t6%8QWh>V#)tq@-s8O8xR}8Kej{A{%x2*s=3W-tns! zap2p3018YD!bxe8Ip6X2OK|dqv&c{d%;01(B706Im0Jm15bmf<_J&81BU!iXzZD}T z;MHOBvTo;Xw@JpNq1$(C#=x4j`17+TY-UzuG_wTtQXHxnkj3aj6=Hes`c-D~Etjpp zws)?^Q~xOksbv zIBx#v4JZ}?CL5GlRv450^y@<2+!0+}B!KVV{`n)8s@%%Hm`!B{3cayPvqkjL2H6}x zx&uABzewBiwWsj(-^nJ;-efQ2=7=c#$e7X|4u0iJv=lH-ysRxSE@CI*f@@Zr;g5VC zM~)rDyS8nC|JP|WCZ?D}r)}1#Xy#;@*#Ts~K*{;dKWUQ%+I_!$2~R)&3euF7*sOei zn#>VJW4r|a@+n+(?PeUlj{x~yeSdD7$E0E;1TpfRz_~Le96NH%rsMj0;c^VBX0FX3 z;>gi70h7(W*T2mQ8A))KL3Y;@e=;9TXZSKpFGf)eR3M9_h}U}$?Zd#uU6^95sMe6? zSNLcvlM8}OW}{r6rz_ll?{WP5#7STvNL4Vua=aqnz}A!|LgN=x)JAEabXTbkGc`o? zKSjfuD>vd(dv~E+HWjiae}7#d^|Asb%b-2+%nNw*!AF4Z98y85Or}hlXnXldQn4#z zktt(PfnwT6M5E*Q&?k1|%1u{bhCbJtgmkV~IF}1BSpZlFK{Y^P?hCn?iX^GX(80S= zo}jrTRb

7*wq26F+hMnlgz|B!Ke6(IWEQ-8eAxSsR*3ZeD8zSt8*RA#h@I3nWdN zCy2#BCaf|!;m1!rho2vR%x0JB=ZrpJ-Mn`6|*NSvO zknbbNfn|V92F(%IE6mpqe*Gboi(_y-%m!9}vUs*in*hgHOBTAZ=aaYK(lveNe~Yzw zAo=_-$S$`RZ?%jv} zf&UG#`MnE(aAMNTtz{0)%}i)Zo8`3b9^fA@4&%v3e~414#30LKaOVx!u<;U1(sh^G zWB?^31aKe=c?4xuM6bdcbj92MU5!a2X@6KH%9Q2-N1hVbXU`AAlV`O00000NkvXXu0mjf0s392 diff --git a/authz-gui/theme/aaf5.css b/authz-gui/theme/aaf5.css deleted file mode 100644 index 920bdab7..00000000 --- a/authz-gui/theme/aaf5.css +++ /dev/null @@ -1,524 +0,0 @@ -/* - Standard CSS for AAF -*/ - -html { - height: 100%; -} - -body { - background-image:url('t_bubbles.jpg'); - background-color: #FFFFFF; - background-repeat:no-repeat; - background-position: right top; - background-size:15em 4.3em; - color:#606060; - font-family: Verdana,Arial,Helvetica,sans-serif; - overflow: scroll; - } - -header h1,p { - margin: 4px auto; -} - -header h1 { - display: inline; -} - -header { - display: block; - color: #F13099; -} - -p#version { - margin:0; - display:inline; - font-size: 0.75em; - float:right; - color: orange; - padding-right:4.2em; -} - -header hr { - margin: 0; -} - -hr { - border: 1px solid #C0C0C0; -} - -#breadcrumbs { - padding: 5px 0 12px 0; -} - - -#breadcrumbs ul { - color: #DFEFFC; - margin: 0; - list-style-type:none; - padding: 0; -} - -#breadcrumbs li { - border-width:2px; - margin: 3px 1px; - padding: 2px 9px; - border-style:solid; - border-top-left-radius: .8em; - border-bottom-left-radius: .8em; - background-color:#80C337; - display:inline; -} - -#breadcrumbs a { - text-decoration:none; - color: white; -} - -caption { - color:#FF7241; - text-align: center; - font-size:1.3em; - font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif; -} - -#Pages { - padding: 3px 2px 10px 4px; - background: linear-gradient(to right, #147AB3,#FFFFFF); -} - -#Pages h3, -#Pages h4, -h5{ - color: #909090; -} - -form { - padding: 10px; - margin: 4px; -} - - -form input[id],select#myroles { - margin: 4px 0; - width: 150%; -} - -form label { - margin: 4px 0; -} - -form label[required] { - color: red; -} - -form input[type=submit], form input[type=reset] { - font-size: 1.0em; - margin: 12px 0 0px 0; - color: #F13099; -} - -p.preamble, p.notfound,.expedite_request { - display: block; - margin: 30px 0px 10px 0px; - font: italic bold 20px/30px Georgia, serif; - font-size: 110%; - color: #0079B8; -} -.expedite_request { - margin-top: 0; - color: #FF7241; -} - -.subtext { - margin-left: 10px; - font-size: 75%; - font-style: italic; -} - -#Pages a { - display:block; - font-weight:bold; - color:#FFFFFF; - background-color:#80C337; - text-decoration:none; - border-top-right-radius: .8em; - border-bottom-right-radius: .8em; - border-top-left-radius: .2em; - border-bottom-left-radius: .2em; - padding: 3px 40px 3px 10px; - margin: 4px; - width: 50%; -} - -#footer { - background-color: #FF7200; - color: #FFFFFF; - text-align:right; - font-size: 60%; - padding: 5px; - position:fixed; - bottom: 0px; - left: 0px; - right: 0px; -} - -/* - Standard Table, with Alternating Colors -*/ -div.std { - vertical-align: top; -} - -div.std table, div.stdform table { - position: relative; - border-collapse:collapse; - table-layout:auto; - left: 1.3%; - width: 98%; - margin-top: 5px; - bottom: 4px; - border-radius: 4px; -} - -div.std td, div.stdform td { - font-size:.9em; -} - -.center { - text-align: center; -} - -.right { - text-align: right; - padding-right: 4px; -} - -p.double { - line-height: 2em; -} - -p.api_comment { - font-size: .9em; - text-indent: 6px; -} - -p.api_contentType { - font-size: .8em; - text-indent: 6px; -} - -p.api_label { - font-size: .9em; - font-style: italic; -} - -div.std h1, div.std h2, div.std h3, div.std h4, div.std h5 { - text-indent: 7px; -} - -div.std td { - border:1px solid #A6C9E2; -} - -div.std th, div.stdform th { - background-color:#6FA7D1; - color:#FFFFFF; - } - -div.std tr.alt, div.stdform tr.alt { - background-color:#DFEFFC; -} - -div.std a, div.stdform a { - /*color: #606060;*/ - color: #147AB3; -} - -td.head { - font-weight:bold; - text-align: center; -} - -td.head a { - color:blue; -} - -/* - A Table representing 1 or more columns of text, i.e. Detail lists -*/ -div.detail table { - width: 100%; -} - -div.detail caption { - border-bottom: solid 1px #C0C0C0; -} - -/* - Approval Form select all - -*/ -.selectAllButton { - background: transparent; - border:none; - color:blue; - text-decoration:underline; - font-weight:bold; - cursor:pointer; -} - - -/* - Begin Web Command Styling -*/ -#console_and_options { - position:relative; -} - -.maximized { - position:absolute; - top:0px; - bottom:50px; - left:0px; - right:0px; - z-index:1000; - background-color:white; -} - -#console_area { - -webkit-border-radius: 15px; - -moz-border-radius: 15px; - border-radius: 15px; - background-color: black; - color: white; - font-family: "Lucida Console", Monaco, monospace; - overflow-y: scroll; - height: 300px; - min-width: 600px; - padding: 5px; - resize: vertical; -} - -.command,.bold { - font-weight: bold; -} - -.command:before { - content: "> "; -} - -.response{ - font-style: italic; - font-size: 150%; -} - -#input_area { - margin-top: 10px; - clear: both; -} - -#command_field, #submit { - font-size: 125%; - background-color: #333333; - color: white; - font-family: "Lucida Console", Monaco, monospace; - -webkit-border-radius: 1em; - -moz-border-radius: 1em; - border-radius: 1em; -} - -#command_field { - width: 75%; - padding-left: 1em; -} - -#submit { - background-color: #80C337; - padding: 0 5%; - float: right; -} - -/* - Options Menu Styling for Web Command -*/ -#options_link { - -webkit-border-radius: 0 0 20% 20%; - -moz-border-radius: 0 0 20% 20%; - border-radius: 0 0 20% 20%; - -webkit-transition: opacity 0.5s ease-in-out; - -moz-transition: opacity 0.5s ease-in-out; - -ms-transition: opacity 0.5s ease-in-out; - -o-transition: opacity 0.5s ease-in-out; - transition: opacity 0.5s ease-in-out; -} - -.closed { - opacity: 0.5; - filter: alpha(opacity=50); -} - -#options_link:hover, .open { - opacity: 1.0; - filter: alpha(opacity=100); -} - -#options_link, #options { - background: white; - position:absolute; - top:0; - right:2em; - padding:0.1em; -} - -#options > img { - cursor: pointer; - float: right; - padding: 0.2em; -} - -.selected { - border: 3px solid orange; -} - -#options, #text_slider { - display:none; - padding:0.5em; - -webkit-border-radius: 0 0 0 10px; - -moz-border-radius: 0 0 0 10px; - border-radius: 0 0 0 10px; -} -#text_slider { - clear:both; -} - -/* - Button styling for changing text size -*/ -.change_font { - border-top: 1px solid #96d1f8; - background: #65a9d7; - background: -webkit-gradient(linear, left top, left bottom, from(#3e779d), to(#65a9d7)); - background: -webkit-linear-gradient(top, #3e779d, #65a9d7); - background: -moz-linear-gradient(top, #3e779d, #65a9d7); - background: -ms-linear-gradient(top, #3e779d, #65a9d7); - background: -o-linear-gradient(top, #3e779d, #65a9d7); - padding: 0 2px; - -webkit-border-radius: 50%; - -moz-border-radius: 50%; - border-radius: 50%; - -webkit-box-shadow: rgba(0,0,0,1) 0 1px 0; - -moz-box-shadow: rgba(0,0,0,1) 0 1px 0; - box-shadow: rgba(0,0,0,1) 0 1px 0; - text-shadow: rgba(0,0,0,.4) 0 1px 0; - color: white; - font-size: 14px; - font-family: monospace; - text-decoration: none; - vertical-align: middle; -} -.change_font:hover { - border-top-color: #28597a; - background: #28597a; - color: #ccc; -} - -/* - Text Size Slider styling -*/ - -input[type=range] { - -webkit-appearance: none; - width: 60%; - margin: 0; -} -input[type=range]:focus { - outline: none; -} -input[type=range]::-webkit-slider-runnable-track { - width: 100%; - height: 4px; - cursor: pointer; - box-shadow: 1px 1px 1px #000000, 0px 0px 1px #0d0d0d; - background: #3071a9; - border-radius: 0.6px; - border: 0.5px solid #010101; -} -input[type=range]::-webkit-slider-thumb { - box-shadow: 1px 1px 1px #000000, 0px 0px 1px #0d0d0d; - border: 1px solid #000000; - height: 16px; - width: 16px; - border-radius: 30px; - background: #efffff; - cursor: pointer; - -webkit-appearance: none; - margin-top: -7.15px; -} -input[type=range]:focus::-webkit-slider-runnable-track { - background: #367ebd; -} -input[type=range]::-moz-range-track { - width: 100%; - height: 2.7px; - cursor: pointer; - box-shadow: 1px 1px 1px #000000, 0px 0px 1px #0d0d0d; - background: #3071a9; - border-radius: 0.6px; - border: 0.5px solid #010101; -} -input[type=range]::-moz-range-thumb { - box-shadow: 1px 1px 1px #000000, 0px 0px 1px #0d0d0d; - border: 1px solid #000000; - height: 16px; - width: 16px; - border-radius: 30px; - background: #efffff; - cursor: pointer; -} -input[type=range]::-ms-track { - width: 100%; - height: 2.7px; - cursor: pointer; - background: transparent; - border-color: transparent; - color: transparent; -} -input[type=range]::-ms-fill-lower { - background: #2a6495; - border: 0.5px solid #010101; - border-radius: 1.2px; - box-shadow: 1px 1px 1px #000000, 0px 0px 1px #0d0d0d; -} -input[type=range]::-ms-fill-upper { - background: #3071a9; - border: 0.5px solid #010101; - border-radius: 1.2px; - box-shadow: 1px 1px 1px #000000, 0px 0px 1px #0d0d0d; -} -input[type=range]::-ms-thumb { - box-shadow: 1px 1px 1px #000000, 0px 0px 1px #0d0d0d; - border: 1px solid #000000; - height: 16px; - width: 16px; - border-radius: 30px; - background: #efffff; - cursor: pointer; - height: 2.7px; -} -input[type=range]:focus::-ms-fill-lower { - background: #3071a9; -} -input[type=range]:focus::-ms-fill-upper { - background: #367ebd; -} -.expired { - color: red; - background-color: pink; -} -.blank_line { - padding: 10px; -} -#filterByUser input { - display: inline; -} diff --git a/authz-gui/theme/aaf5Desktop.css b/authz-gui/theme/aaf5Desktop.css deleted file mode 100644 index b4aa02f8..00000000 --- a/authz-gui/theme/aaf5Desktop.css +++ /dev/null @@ -1,92 +0,0 @@ -/* - Modifications for Desktop -*/ -body { - background-size:23em 4.7em; -} - - -#breadcrumbs a:visited, #breadcrumbs a:link { - transition: padding .5s; -} - -#breadcrumbs a:hover { - padding: 2px 2px 2px 30px; - transition: padding .5s; -} - -#breadcrumbs, #inner { - margin: 3px; - width: 77%; - float: left; - min-width:500px; - background-color: #FFFFFF; - -} - -#breadcrumbs li { - box-shadow: 3px 3px 2px #888888; -} - -#Pages { - margin: 20px; - filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#147AB3', endColorstr='#ffffff',GradientType=1 ); /*linear gradient for IE 6-9*/ -} - -#Pages a:visited, #Pages a:link { - padding: 3px 40px 3px 10px; - transition: padding .5s; - margin: 6px; - box-shadow: 3px 3px 2px #888888; -} - -#Pages a:hover { - padding: 4px 80px 4px 15px; - transition: box-shadow padding .5s; - box-shadow: 4px 4px 3px #888888; -} - - -#inner { - padding: 7px; - background: #FFFFFF; - overflow: hidden; -} - -div.std, form { - border: solid 2px #D0D0D0; - border-radius: 5px; - box-shadow: 10px 10px 5px #888888; -} - -div.detail { - border: solid 2px #C0C0C0; - border-radius: 14px; - box-shadow: 10px 10px 5px #888888; -} - -#nav { - display: inline-block; - position: absolute; - right: 2%; - left: 81%; -} - -#nav h2 { - color: #FF7200; - font-size: 1.2em; - font-family: Verdana,Arial,Helvetica,sans-serif; - font-style: italic; - font-weight: normal; - -} - -#nav ul { - font-style:italic; - font-size: .8em; - font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif; - color: #067ab4; - list-style-type: square; - margin: 0; - padding: 0; -} diff --git a/authz-gui/theme/aaf5iPhone.css b/authz-gui/theme/aaf5iPhone.css deleted file mode 100644 index c356983b..00000000 --- a/authz-gui/theme/aaf5iPhone.css +++ /dev/null @@ -1,38 +0,0 @@ -/* - Modifications for iPhone -*/ -body { - zoom: 210%; -} - -#breadcrumbs { - font-size: .9em; -} - - -div.std table { - margin: 0 0 20px 0; - zoom: 130% -} - - -div.stdform th { - font-size: 9px; -} - -#content input { - font-size: 1.3em; -} - - -#Pages a { - font-size: 1.3em; - width: 75%; - height:35px; -} - -#nav { - display: none; -} - - diff --git a/authz-gui/theme/aafOldIE.css b/authz-gui/theme/aafOldIE.css deleted file mode 100644 index 5910c5cf..00000000 --- a/authz-gui/theme/aafOldIE.css +++ /dev/null @@ -1,162 +0,0 @@ -/* - Modifications for non-html5 IE -*/ -body { - background-size:23em 4.7em; -} - - -body h1 { - margin: 4px auto; - color: #F13099; -} - -#footer { - background-color: #FF7200; - color: #FFFFFF; - text-align:right; - font-size: 60%; - padding: 5px; - position:fixed; - bottom: 0px; - left: 0px; - right: 0px; -} - -#breadcrumbs a:visited, #breadcrumbs a:link { - transition: padding .5s; -} - -#breadcrumbs a:hover { - padding: 2px 2px 2px 30px; - transition: padding .5s; -} - -#breadcrumbs, #content { - margin: 3px; -} - -#breadcrumbs, #inner { - margin: 3px; - width: 77%; - float: left; - min-width:500px; - background-color: #FFFFFF; -} - - -#breadcrumbs li { - box-shadow: 3px 3px 2px #888888; -} - -#inner { - padding: 10px; - overflow: hidden; -} - -#inner form { - border: solid 2px #D0D0D0; -} - -#inner form input[id] { - margin: 4px 0; -} - -#inner form label { - margin: 4px 0; -} - -#inner form label[required] { - color: red; -} - -#inner form input[type=submit] { - font-size: 1.0em; - margin: 12px 0 0px 0; - color: #F13099; -} - -p.preamble, p.notfound { - display: block; - margin: 30px 0px 10px 0px; - font: italic bold 20px/30px Georgia, serif; - font-size: 110%; - color: #0079B8; -} - - -#Pages { - margin: 20px; - filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#147AB3', endColorstr='#ffffff',GradientType=1 ); /*linear gradient for IE 6-9*/ -} - -#Pages a:visited, #Pages a:link { - display: block; - padding: 3px 40px 3px 10px; - transition: padding .5s; - margin: 6px; - box-shadow: 3px 3px 2px #888888; - background-color: #98bf21; - text-decoration: none; - color: white; - font-weight: bold; -} - -#Pages a:hover { - padding: 4px 80px 4px 20px; - transition: box-shadow padding 1s; - box-shadow: 4px 4px 3px #888888; -} - -tr { - font-size: .9em; -} - -tr.alt { - background-color: #EEF0F0; -} - -#nav { - - display: block; - position: absolute; - top: 175px; - right: 2%; - left: 81%; - z-index=1; - clear: both; -} - - -#nav h2 { - color: #FF7200; - font-size: 1.2em; - font-family: Verdana,Arial,Helvetica,sans-serif; - font-style: italic; - font-weight: normal; - -} - -#nav ul { - font-style:italic; - font-size: .8em; - font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif; - color: #067ab4; - list-style-type: square; - margin: 0; - padding: 0; -} - -div.std { - border: solid 2px #D0D0D0; - border-radius: 5px; - box-shadow: 10px 10px 5px #888888; -} - - -div.detail { - border: solid 2px #C0C0C0; - border-radius: 14px; - box-shadow: 10px 10px 5px #888888; -} - diff --git a/authz-gui/theme/aaf_1_0.xsd b/authz-gui/theme/aaf_1_0.xsd deleted file mode 100644 index a71e2ea1..00000000 --- a/authz-gui/theme/aaf_1_0.xsd +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/authz-gui/theme/aaf_2_0.xsd b/authz-gui/theme/aaf_2_0.xsd deleted file mode 100644 index 95c8ff9e..00000000 --- a/authz-gui/theme/aaf_2_0.xsd +++ /dev/null @@ -1,394 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/authz-gui/theme/comm.js b/authz-gui/theme/comm.js deleted file mode 100644 index 5a1ac4d8..00000000 --- a/authz-gui/theme/comm.js +++ /dev/null @@ -1,24 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -function http(meth, sURL, sInput, func) { - if (sInput != "") { - var http; - if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari - http=new XMLHttpRequest(); - } else {// code for IE6, IE5 - http=new ActiveXObject('Microsoft.XMLHTTP'); - } - - http.onreadystatechange=function() { - if(http.readyState==4 && http.status == 200) { - func(http.responseText) - } - // Probably want Exception code too. - } - - http.open(meth,sURL,false); - http.setRequestHeader('Content-Type','text/plain;charset=UTF-8'); - http.send(sInput); - } -} \ No newline at end of file diff --git a/authz-gui/theme/common.js b/authz-gui/theme/common.js deleted file mode 100644 index e9af8fef..00000000 --- a/authz-gui/theme/common.js +++ /dev/null @@ -1,104 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -Object.defineProperty(Element.prototype, 'outerHeight', { - 'get': function(){ - var height = this.clientHeight; - height += getStyle(this,'marginTop'); - height += getStyle(this,'marginBottom'); - height += getStyle(this,'borderTopWidth'); - height += getStyle(this,'borderBottomWidth'); - return height; - } -}); - -if (document.addEventListener) { - document.addEventListener('DOMContentLoaded', function () { - var height = document.querySelector("#footer").outerHeight; - document.querySelector("#inner").setAttribute("style", - "margin-bottom:" + height.toString()+ "px"); - }); -} else { - window.attachEvent("onload", function () { - var height = document.querySelector("#footer").outerHeight; - document.querySelector("#inner").setAttribute("style", - "margin-bottom:" + height.toString()+ "px"); - }); -} - - - -function getStyle(el, prop) { - var result = el.currentStyle ? el.currentStyle[prop] : - document.defaultView.getComputedStyle(el,"")[prop]; - if (parseInt(result,10)) - return parseInt(result,10); - else - return 0; -} - -function divVisibility(divID) { - var element = document.querySelector("#"+divID); - if (element.style.display=="block") - element.style.display="none"; - else - element.style.display="block"; -} - -function datesURL(histPage) { - var validated=true; - var yearStart = document.querySelector('#yearStart').value; - var yearEnd = document.querySelector('#yearEnd').value; - var monthStart = document.querySelector('#monthStart').value; - var monthEnd = document.querySelector('#monthEnd').value; - if (monthStart.length == 1) monthStart = 0 + monthStart; - if (monthEnd.length == 1) monthEnd = 0 + monthEnd; - - validated &= validateYear(yearStart); - validated &= validateYear(yearEnd); - validated &= validateMonth(monthStart); - validated &= validateMonth(monthEnd); - - if (validated) window.location=histPage+"&dates="+yearStart+monthStart+"-"+yearEnd+monthEnd; - else alert("Please correct your date selections"); -} - -function userFilter(approvalPage) { - var user = document.querySelector('#userTextBox').value; - if (user != "") - window.location=approvalPage+"?user="+user; - else - window.location=approvalPage; -} - -function validateYear(year) { - var today = new Date(); - if (year >= 1900 && year <= today.getFullYear()) return true; - else return false; -} - -function validateMonth(month) { - if (month) return true; - else return false; -} - -function alterLink(breadcrumbToFind, newTarget) { - var breadcrumbs = document.querySelector("#breadcrumbs").getElementsByTagName("A"); - for (var i=0; i< breadcrumbs.length;i++) { - var breadcrumbHref = breadcrumbs[i].getAttribute('href'); - if (breadcrumbHref.indexOf(breadcrumbToFind)>-1) - breadcrumbs[i].setAttribute('href', newTarget); - } -} - -// clipBoardData object not cross-browser supported. Only IE it seems -function copyToClipboard(controlId) { - var control = document.getElementById(controlId); - if (control == null) { - alert("ERROR - control not found - " + controlId); - } else { - var controlValue = control.href; - window.clipboardData.setData("text/plain", controlValue); - alert("Copied text to clipboard : " + controlValue); - } -} diff --git a/authz-gui/theme/console.js b/authz-gui/theme/console.js deleted file mode 100644 index e35becff..00000000 --- a/authz-gui/theme/console.js +++ /dev/null @@ -1,275 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. - *******************************************************************************/ -function getCommand() { - if(typeof String.prototype.trim !== 'function') { - String.prototype.trim = function() { - return this.replace(/^\s+|\s+$/g, ''); - }; - } - - var cmds = []; - cmds = document.querySelector("#command_field").value.split(" "); - var cleanCmd = ""; - if (document.querySelector("#details_img").getAttribute("class") == "selected") - cleanCmd += "set details=true "; - for (var i = 0; i < cmds.length;i++) { - var trimmed = cmds[i].trim(); - if (trimmed != "") - cleanCmd += trimmed + " "; - } - - return cleanCmd.trim(); -} - -function moveCommandToDiv() { - - var textInput = document.querySelector("#command_field"); - var content = document.createTextNode(textInput.value); - var parContent = document.createElement("p"); - var consoleDiv = document.querySelector("#console_area"); - var commandCount = consoleDiv.querySelectorAll(".command").length; - parContent.setAttribute("class", "command"); - parContent.appendChild(content); - consoleDiv.appendChild(parContent); - - textInput.value = ""; -} - -function printResponse(response) { - var parContent = document.createElement("p"); - parContent.setAttribute("class", "response"); - var preTag = document.createElement("pre"); - parContent.appendChild(preTag); - var content = document.createTextNode(response); - preTag.appendChild(content); - var consoleDiv = document.querySelector("#console_area"); - consoleDiv.appendChild(parContent); - - consoleDiv.scrollTop = consoleDiv.scrollHeight; -} - -function clearHistory() { - var consoleDiv = document.querySelector("#console_area"); - var curr; - while (curr=consoleDiv.firstChild) { - consoleDiv.removeChild(curr); - } - document.querySelector("#command_field").value = ""; - currentCmd = 0; -} - -function buttonChangeFontSize(direction) { - var slider = document.querySelector("#text_size_slider"); - var currentSize = parseInt(slider.value); - var newSize; - if (direction == "inc") { - newSize = currentSize + 10; - } else { - newSize = currentSize - 10; - } - if (newSize > slider.max) newSize = parseInt(slider.max); - if (newSize < slider.min) newSize = parseInt(slider.min); - slider.value = newSize; - changeFontSize(newSize); -} - -function changeFontSize(size) { - var consoleDiv = document.querySelector("#console_area"); - consoleDiv.style.fontSize = size + "%"; -} - -function handleDivHiding(id, img) { - var options_link = document.querySelector("#options_link"); - var divHeight = toggleVisibility(document.querySelector("#"+id)); - - if (id == 'options') { - if (options_link.getAttribute("class") == "open") { - changeImg(document.querySelector("#options_img"), "../../theme/options_down.png"); - options_link.setAttribute("class", "closed"); - } else { - changeImg(document.querySelector("#options_img"), "../../theme/options_up.png"); - options_link.setAttribute("class", "open"); - } - moveToggleImg(options_link, divHeight); - } else { //id=text_slider - selectOption(img,divHeight); - } - -} - -function selectOption(img, divHeight) { - var options_link = document.querySelector("#options_link"); - var anySelected; - if (img.getAttribute("class") != "selected") { - anySelected = document.querySelectorAll(".selected").length>0; - if (anySelected == false) - divHeight += 4; - img.setAttribute("class", "selected"); - } else { - img.setAttribute("class", ""); - anySelected = document.querySelectorAll(".selected").length>0; - if (anySelected == false) - divHeight -= 4; - - } - - moveToggleImg(options_link, divHeight); -} - -function toggleVisibility(element) { - var divHeight; - if(element.style.display == 'block') { - divHeight = 0 - element.clientHeight; - element.style.display = 'none'; - } else { - element.style.display = 'block'; - divHeight = element.clientHeight; - } - return divHeight; -} - -function moveToggleImg(element, height) { - var curTop = (element.style.top == "" ? 0 : parseInt(element.style.top)); - element.style.top = curTop + height; -} - -function changeImg(img, loc) { - img.src = loc; -} - -var currentCmd = 0; -function keyPressed() { - document.querySelector("#command_field").onkeyup=function(e) { - if (!e) e = window.event; - var keyCode = e.which || e.keyCode; - if (keyCode == 38 || keyCode == 40 || keyCode == 13 || keyCode == 27) { - var cmdHistoryList = document.querySelectorAll(".command"); - switch (keyCode) { - case 13: - // press enter - - if (getCommand().toLowerCase()=="clear") { - clearHistory(); - } else { - currentCmd = cmdHistoryList.length + 1; - document.querySelector("#submit").click(); - } - break; - - case 27: - //press escape - currentCmd = cmdHistoryList.length; - document.querySelector("#command_field").value = ""; - break; - - case 38: - // press arrow up - if (currentCmd != 0) - currentCmd -= 1; - if (cmdHistoryList.length != 0) - document.querySelector("#command_field").value = cmdHistoryList[currentCmd].innerHTML; - break; - case 40: - // press arrow down - var cmdText = ""; - currentCmd = (currentCmd == cmdHistoryList.length) ? currentCmd : currentCmd + 1; - if (currentCmd < cmdHistoryList.length) - cmdText = cmdHistoryList[currentCmd].innerHTML; - - document.querySelector("#command_field").value = cmdText; - break; - } - } - } -} - -function saveToFile() { - var commands = document.querySelectorAll(".command"); - var responses = document.querySelectorAll(".response"); - var textToWrite = ""; - for (var i = 0; i < commands.length; i++) { - textToWrite += "> " + commands[i].innerHTML + "\r\n"; - textToWrite += prettyResponse(responses[i].firstChild.innerHTML); - } - - var ie = navigator.userAgent.match(/MSIE\s([\d.]+)/); - var ie11 = navigator.userAgent.match(/Trident\/7.0/) && navigator.userAgent.match(/rv:11/); - var ieVer=(ie ? ie[1] : (ie11 ? 11 : -1)); - -// if (ie && ieVer<10) { -// console.log("No blobs on IE ver<10"); -// return; -// } - - var textFileAsBlob = new Blob([textToWrite], {type:'text/plain'}); - var fileName = "AAFcommands.log"; - - if (ieVer >= 10) { -// window.navigator.msSaveBlob(textFileAsBlob, fileName); - window.navigator.msSaveOrOpenBlob(textFileAsBlob, fileName); - } else { - var downloadLink = document.createElement("a"); - downloadLink.download = fileName; - downloadLink.innerHTML = "Download File"; - if (window.webkitURL != null) { - // Chrome allows the link to be clicked - // without actually adding it to the DOM. - downloadLink.href = window.webkitURL.createObjectURL(textFileAsBlob); - } else { - // Firefox requires the link to be added to the DOM - // before it can be clicked. - downloadLink.href = window.URL.createObjectURL(textFileAsBlob); - downloadLink.onclick = destroyClickedElement; - downloadLink.style.display = "none"; - document.body.appendChild(downloadLink); - } - - downloadLink.click(); - } -} - -function prettyResponse(response) { - var lines = response.split('\n'); - var cleanResponse = ""; - for (var i=0; i < lines.length; i++) { - cleanResponse += lines[i] + "\r\n"; - } - cleanResponse = cleanResponse.replace(/(<)/g,"<").replace(/(>)/g,">"); - return cleanResponse; -} - -function destroyClickedElement(event){ - document.body.removeChild(event.target); -} - -function fakePlaceholder() { - document.querySelector("#command_field").setAttribute("value", "Type your AAFCLI commands here"); -} - -function maximizeConsole(img) { - var footer = document.querySelector("#footer"); - var console_area = document.querySelector("#console_area"); - var content = document.querySelector("#content"); - var input_area = document.querySelector("#input_area"); - var help_msg = document.querySelector("#help_msg"); - var console_space = document.documentElement.clientHeight; - console_space -= input_area.outerHeight; - console_space -= help_msg.outerHeight; - var height = getStyle(console_area,'paddingTop') + getStyle(console_area,'paddingBottom'); - console_space -= height; - - - if (content.getAttribute("class") != "maximized") { - content.setAttribute("class", "maximized"); - footer.style.display="none"; - console_area.style.resize="none"; - console_area.style.height=console_space.toString()+"px"; - } else { - content.removeAttribute("class"); - footer.style.display=""; - console_area.style.resize="vertical"; - console_area.style.height="300px"; - } - selectOption(img,0); -} diff --git a/authz-gui/theme/favicon.ico b/authz-gui/theme/favicon.ico deleted file mode 100644 index 3aea27221ca7732bc043a84f0cd2fcbfa3c80894..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3638 zcmeHJXFycP7XB^~LWogf6kEiuV2nmIq-cVeL`~EXi6x3%5wRsgP_Y0mf?|QCH>Juh z9Tt{d$^r|7vXrH)TwFTRn>6X|&4Ru>U-BzI-mmxV-kmw;n|o%?+}ZP8fPx&9l`(-c z^1uqxTeN7>4paneiBFA~vLP}z1>z*wOieU@`57M{M~a;W5_y5}G6Y(xGQe^+f`n@d zS5qxiXL}<{lnasH9@Nygfp0zoQ2`I&X{`r`3(L{h-2ib02L>N?(b(DvIy(w+x94GWq#qS!MewvaiOMWjNd91>P7)43 z`|}Ws#mE+h!~eqDC@&H~9BGV#M0aGT^3X`fz}tE+vL5RoUla#{%TDC64nWBI9bGS) z5P4Mr{X@fGJLn_DYac4IS>RZ$L!CGXFIwx+(Oizkx@rvcw4%C7ih?i$6lH`Wnr#me z`vhp-O_ZiQ#LK=BbocZk>Ha!Y7e=D-Sv-bE$52(A3=!WMU2Qdx2t8nbQ5{i?Wf<;l z#`D^G)X}k|ts(ghBbG56gM$M|uv$QJEkh3b5X9jZQIP77#xfzECEZ15R}bo{i%}u+ zL04BZvV49dd$=FjDI7dYU|?u?2)zR@$v&<|h^HCCj3|tdGt>LB7abklsBLIPRY5pe zGZTC>W$-O#Vt8Z(T+3zXY%NDkO$}-#k>IlJAWrna*w`3E-a6>->nHcWKusmtgYYvb zO>@8)i90?%hGEhUkB(!A#2FnK!qCtVI!V6GWl1Cs6OtIyzntU$JO05AP%^M@G0!}i z=z;RKy?j#P!8Fh1JADEdQ=rcOq`m*ci{E^&ap$cgF2vrfx?tw)U*`Vsie-6HmP znm>PVRzBpO&95epmQpx8eb(+}d*8bzr{m~$dqxnBDXuoUxn<3{P><7}uJFAAGv$SI z-nsj>#kcQMl=((2d=<9j;XEhjt6zVi=1(z4Af5DPjjuzbkE3ad%%o_0VIP zEkp1pK6VqGzf?dAvSt7DB1d$h&MqP`Hk0dhowb-kjK6`b&L)xnP*7+%%=gKoQ5uIL z&aZH>HbnR(fO(13h`I(ylHHM+DMFmP9-^MyMVQT2#8}LM^C=2e#}+^sAA#=XLX?)| zqmR^(j7QtRGGBvYQ6$_fb|c*V65KD&Lv8yAa#?zi3K$6Rb%%}7cc{+sK}sYOX>23- zKhT5ALsQh&l%T6`6tT8n!1tmOlB2zmAP^wVc?X_~lTj?KM8GMaUJ{13_6`JHo(Z1y za#$Umj%ZUQBn6ryI?NAgUOywkT9ed`5G45;5FJT}-xX4qhI(OVFb6#^svyoU0G;6v ze@A0d`)?uLc_YFc4bTUn2DPQRlw)RqEu*$BuiC-|7;QzLS-(oh(E4R%JG;BK}R(Vm8QnxBQx z%hOOKDS?OaQe+c7EEh+hDE=;-FMkHF+q#Id-GRh=%Tbc)fk!q+ksNvlqQLXW3Nt|* z%Y@Y8VWJy5k;y&`@|e=tx|+DR-qu}31TB%iRONQ zhRPgtb+;qp`uiv;p>hBG8sy|;BZ+AD^8yxxX_-iH+=2vGU9jD*puV{UoU8KS+~15+ zNjloQM-gW^7hG>+m>rl7ze_WSmPJD<3Id-K1Q!EE)R(0r>CQ(;@;r!CH*KWFu~8{4 z0Q<&rjE)T=;@VtD)4kEx--o`g=XlXxJ5k@uE1#peJQ;2ejNx`i9|OIeU>uo)5Mz1N zmk|9-iy)eEfYfahIGJukRYM2bYqF3S`hdJ6aFF7l2|iOBS;9!7=Vvf5JV>;?8-9iq zcn&%c@}3~r&jFdywurJ+M`^wQzW4S_=wW9Q4c3);C@U{VX6$34rzgM%moB;{Z>XhIcczAjy>Kfb8($azu)7hZQN>M>) zBkImtq^11!DkpZv3p#RM?@?xj1)*)E!Zmjg* zyk4%_+Rx)}nwl=Zdw2eKg@G=ElObN;umAYa;u*j1-M;k5#*L*1`u+Fqs#cSYV37Gq zOPxq_F1EWgOM09?=&Potu~OLmXg`+_lRUj<@!KEmx)qx5-K5@pIQ7PfA>ReP)3UWl z945MLyi{gdIVv-XFVt@3Q>^9*@@< z%)a0e%I3SDqiMoZLo1$~{nG50lX)sC0tQX%(-cKJB=1@F%SbLI;Kfet-VJ^oJFWii&>qegwN4QSPyQ5o;^^Oq5v-I);um~6u-8Y;;j1O7s+L`dI#%5h^3WX=$Wbv0{UqtK9YL z_4QRuCbLbIMN|6aMJj~%d8^e%cY~&)qGtWp*(o~}a>`V?dsHkXdZLQd*5T`{RyX~n-o*L4* z|DmDbdV|@j3aJXJme)0{6bSY&0FW^bd&IwyC;tk>A^d!Ni&SYyBTsJvwGo?6zh)=f$KyKV)yI|2 zkw4HmzLT+3@Fy(`NH&`9Qd2WN)rG+LxPxrtW#2cTrzCZ9lJd*{ocRsP000yS1^@s6cz2e)00001b5ch_0Itp) z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGmbN~PnbOGLGA9w%&0@g`HK~zXfy;SW> zQ(+YU-Mj62o6hAd6-mR2G6KuYRu~0=R6>N%8$vHwU+POy{Re%k4}ItbN<>h^3WFd9 zSy9L=Vx`k;6H&4kU-B(-W3t^{?>f(&_pag88QA%B@AI5p3`06Z;(}T;896k%yQr;(lcjPM72*4K^7F zp|YVJ&QC*tfk$qR1Z0S1mk6p6@CCA`gy>L*?Bj`|h_I`zm67qwb23#zZID6p+g zL+P58F%Z#c!2S)H>VY=V3{;Y5aQT@R0cn1Xt~fksBn?cn04#?hN04t_5f8#Hu9p`g z+bSZgMCot@Vj@N_yN7YUxho-?7HUsJ`wwu`3FfZ?uy_*TM#X08zA?sxeepbpx}#eG zUroBrbl=GS(k2#vZCf3ed#OzBoo= z>7)OurVcf@XVi~3-Z2=(C;;=5NViNX=GNgYu!yGkBIkR%4%EKK3(p8l6u{cX5{0M3 zIBCy^duR&1;{gb?Q|ftGLBXn2Vz3=M@-pV=r!Qk7WlL{6@$t)qKALJvq#0T^(rQ)* z#=u6pInM6HuC=yAX%>FFTF%+Am$inkok{R}xMgHJJ_C?_56OZyf~ zu3s|YleJfUW0A6ZZIPR;eaVKXen~UYcYz*HHdRZpC4(#_x#s%^)39)n%^;gG00000 LNkvXXu0mjfMrm;Y diff --git a/authz-gui/theme/options_up.png b/authz-gui/theme/options_up.png deleted file mode 100644 index 7414dab5d20a7451b47cd840a7a6fcbe06f4a99d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 826 zcmV-A1I7G_P)P000yS1^@s6cz2e)00001b5ch_0Itp) z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGmbN~PnbOGLGA9w%&0?$cAK~zXfy_N4v zQ&AYlzq{Rgw;B$r*-*1G1aT&&=3bN%2w^aSAS+E23hYhvqBp(kKd`7b^&*p^up*%# zT9Fj=Q%glN3Jbx0kZCu>BeVa zHQg;p3)1p*7}XcM@Mw5EEs$ZU?J7O@1cPJKP=g9YlZf+sx1iavX-Tk@kb&=B>~4Dn z_oN@9QG{SHAgo59`hwV+Z$;O!N|?kINnuIbGLWm(jMFoh0XiO_g1b4Gw|o2}?MUbQGFVI{p^CvoUT zKLHpdDH@Q46%<&_s4L3>`xQjo`O-=Wy(1H-xzxRM$TQl&&tT-Ij{pJ;)FPE%C8pwb zV+F3)m%~|-gAh|R5MP(b2oK+mqVmFX1VYMRumzRO1VT7*_Z=o?qAlV9xWcm`RNL2~ z(3YW%+w03s<19)D;FD%a#MwP|$aEQ%*gG3P$H&7H zx(RfM=ZB9jS+slH`;PofTs>I2C?LLIw^`7(uLP>cuT`Xpa^+Be%xPNG+Ttu^XIa3e z17P%gR8f0eM;yAlQjr?U*5k_2?J$Z0*i3-;pL4Kgl^kWpA4o6Rw_|V=`I%6xI@^2i$6zC~R8uG7O8G!8i}uH+wEic{1^ySvZd*oCE|UBOp;E4oHq7!3aoHkeo!aBoPTBK{5z}WCY0| zNs#OiX67GsKmGRpd-v|MHP6%Mopb7R*IQNHU0s+-%sfD*rLL(CfIuMN3ibzJ7KzL> zRaI^D4fWJDuc~1e0D$PqRfM|-m<#~i+{~sZ8J5O(4008M@wMFe6eC)9JAr{{X z@bx^O-@#(4o37^=3_Zu*SOc+`_8dF?!k2#P{K87-*xt?E9;dsmXP2V5x~0txBT11-&+43oX7T;#=gPNn1N{e|IGc_ z`)AJM1pr7LVtw=E&)m&40H}Ke0JKwo=GdPD0O>;js2%(pADZ)garX7~lo1pR2nY~B zIM@lCJM_2wp9;S<|99}W>j|7+@3-$*E;~5d`rYznId`g^$1M*(Zx$ad5r~> z`DlR3MgSliqyivY{Q#7b5P(=_V^=`G<8~F_1USF*OyR4)@*az^>pzeGbO6U=|AKuG zPAuoss)oiac7ERe=NNlWoF8xi0)P~t0_Xr{fDPaV_yG|>5|9Oy05w1h&;yKt>wq<2 z2RH+6fHx2T1OxYga3C6Z0we+HKn{=(lmHdLYoHEj1X_VEpbz*2i~-ZYJg@?60z1GF zaEg79!9c_yN)R0g4&ngufkZ%3AO(;b=qkt%bRBd98ZJ7+a15Jk(Lu;WO&=KeYbO(yYA;w|E;lq)^(Zn&s zal#3}3CBssDa5J4>BJesS;0BN#l@w;<-(Q3y@Gok*9G?uZVYY~ZYAz}+#%d0+(Q@) zMhD}A$;0$uwlH5*c*A(Bc&GSe z_#F5$_N;@CWf%@J|WI3AhO435*F`2<{Q25>ya$5_}=pCnO}iNGMHc zK!_l`OPEUdim-=pf$*4!f{2$$mB^CFk0_3)i0D1hXQF*#Vq#8WC1P`8U*b6865@8^ zSz;s!C5ZruCW$>s7)b_6Ey*y+HYq+S2dOftHE9rOGHEsGAn7+Ud@@clRWe($P_hiN zw`3D!hvbyx!sL47ZsalKFUfn!*C=2VoD^yl_7o2(@+jIVmM9^VY?P{$c9ah&^C>$i zSEz8QxTrL#T&SX{%BcpZcBm<+#i&iF1F18po2ch$AT*pbnl!g);%Q#fjMJQ4V7j1u z!QsN=3l$fJFZ`fopjD!EppBxfq#dI@p<|&_qjRNuN>@iWLl33rr8l4tpwFi7r2oc1 z#URUI#}LKvnqi6&%*e}V$ase_kFlTekcpW|gUORAjj5gK8#4{F60-~QGv;RIbvPwl z0giw_gSWspSg2W)S#GhUvUITQurjh~QU${YdPlQ**P9#HQRFqg$ zT{KLzUUXNCPs~9qTWnICQd~zoLcC2JB_S!{Em0w{F3B!=Lo!oxLW)XCUn)kbM;b?3 zMLJBnQTkX$LdI9-waj-}epy%9m$GYeTyhR_`EpD07v*i`bLHn1SQKt3JXe@kWL30P ze4)6g#HM7gRH(G7%%kk0T&BFOBBbK2Qls)iRYo;L_5EeYWsS>Gmj~1+)UK(etIeuk zRCiJ@Ro~GN*SMqc{tC_&?JG~OOlUG`+G&<(?r2GBg=lqX6KNZ1r)w`><-O{CwLu50 zqotFm^F^0K*IlEO-f9Dm|iwbFr7COGz&57yH0-{alPIgW^Q6$Xnts+W|3sEVkvGJ zZaHqnWff@EYfW!`%eu*i)W+7P`UcJo(;F{uoZ0HxzOX&Ksd+Q==8m1JU5eeNy^{Si z`*jC-hXjXJM|sBt$2BK;r$nc9XGP~^=WhsAL^@*E<%&y=%MVvQ*CJQUEz?_-Zg_4t z+}^rVxVyS{crbeedJK8;d4_w=d&zhudF^;>dl&kEe5`!xeW|d;RKFj$-y^>Te+B;x ze`J73Ky@H_pnG8dZQk3DZ?6Wa2Nm3b-m$yW7R(xaFL)tDIV3j}6nZnXEsQPfVc5!D zjl0G72=2Mw`*>gIe!~5O2c{1i9x^?=`*7)z#-q}3l5p?vi3r(#J@1Mw2^*-vnvxIYVWmSvyHFPGO>@K@wk(o{yj0$%yO+NiowHU3)rbz8Mmb;TQwH<>k*HBq&o z+S|1|bUL1|0*P+MPXJ>Rs*K%H1tJ@;!~cGQDphhCHkGPYYQv!&cF~*O_wfm6F3{4^b8vET^YDs^OGrvd%cx#fQ`fknsbyq* z&BPR2_SxAxI665aTzq`}`~w1S2R(TBC_Ezaaa2O$v!vvd)U@;$dHDr}Ma3mAUsu1W zsjaJj+tAkD(b?7A)B9m~WOQtNV)FCU!s62M%GcGk^^M)V{e#1!AIRgAb6(i^{G#=n z+5g~$bpi+sg+idPb6y~Dz&UYpC=RPIE`_oI%+`zYqR2fwDwU_XRjv4JqJ}%vH@$}l zXxPOTICjse{bcr^5xf6iG5byI53ebJ2m-#)Zx*la@v*+2?kik$C_kQi2+_LRnD9V zVSuL&dMBrXsEe>JFW6~ESX+xkK+=iy0uHud*9R&6y8%AR5vBki`?u;s&r*ta7;YKr1ZnOIw&tBoJlc)EkYu}2 z@n$in%=A(V)qsl3@yO)UTqafNd>7R*7rKvZCcFb0?1OMr-Zp0ql4I$yt#{mzSx1K* z2gfLXp4Z^ZD(ZtXN*uYx`(d+TzU&x47M>lLW~je#rmbh89GrE93kgr;L&;1Wu%12a z;~RcTlo@uozaDo$Coe8P_rA7ku6^e%gU*-NS2dPig+|+aYGztsB6>k_XY^SCa<8(D z8yT}#B*9V9D>!i|OK_Ul{X5M6i1xo26pOXc!HO^cmJ)X4*&#B+HxOqrD@LHXSWn6P2jO;0JVo{S#nA7obM=X>2AS_>vdu@4f;D_R0ee?4$LXjP7OD z!xFh0e4Gw!=06=thbq7(LO5~`z0h*vT~k>+AAiiKj{)jh4j#iZk+~Rv{fG;_fC1Jg z;m-)iTb|FZ?(t2&YT_aL$geP9rLs3WKzdk5LatXBRD}V2?NOpuX`#4d{#b<=@=)iKVJm10M_Zn=1N(;cti812tivTy;jQxO5Jl0!&Aup_yFr|vUDbW6G3 zi07HI++unu&s&8mj|EphxAL!Vq>VQeEqxao7`Ax=WKfiyv#dkRqP8!!svdkS%kRTy z&afyNy>S{f-!ac^id@?NjKTn4{T4(st;x~bc?Ut2?+#5A;&=2qwBZy~RgK0YHNnBJ zwozZ|H&-YJLgE#Y_UPgajEKK$n4ztUW>y$Awc*Y>+@os^+9PL?p>mTI1v>%V z${iUK7tc@1yN!#jJq3Bm5y;T)M7!R2aGL`g^&e^8vLU>it3)u1erqZBzW>+ z^fT|WrxD+rEqd7n5<0dRt3(>Td0I_iEb+Nz`H4E>zWv6T_W4=q)1%|NdXMF6_%n8f{|a75aYuvyTv0uvoA0sa6T z^X^rvw9#!#LLc_jg$$thB=LRaRHgw^%}JeLudc{wxKUEnxlVXy)dx>+O5sLzYwO^JFzgJz9~_%PZ{vm)~NOKXTDiBMwH*`ULSoK1lXRD&&pFMKU= zo`>sIXih3z3suRpRMsNoLYeY9W1WwE&OyHURC4l|QQg!eu5>m&83TxxYz|gxonGFq zxLw8*`By0aP4v;Ze8)TJ;@@cyg`nX;Fx}60xjuOWDLLb{AH6oGENQnF&@nZNW}7(7 z3R{MePJaYClJ zEk1p_aI^N2lCvSb)rsA=$LNa!;_MmCMN%`aWgSYQnz2kK5sMi!JjryaGm{5GRedbm z`q??Et(9*U21Gkn5{x$_4dcz4EKLJj1ZM7(4@xp5w>30azFuG52tsA8G@%*;OkU&L zK5;PfWA5;SO-^i261BxCL{+M5>8IEX9fe*!)*3C+(iQzuV^#QnKE6RH71R9%ls*;6 zWMgCY1D$)tYTWqL4B?;`A2gQA&(ZEKQ1)`{5%=4VQ+)n2309LCnpQa?$cdxG;e*xm z?$%^g^LiEIjXH~jQTP#=?ea-NUVTqxe|05=^Cx#&sr{C($xn{?8JiCpHg1nq^@jjsNZ%EHoEOZiJA_PZ|;hc2R*PONAD_{pKUU9(N*v_2kk{|5vm2#egARqzVIf#wPq`_6{2sA9F(BjwJ2BE)-n84_JWBXPlClfkc+AY-sNqE16DpCG z%X~RXcBi-;IkCye5Pek7ti6dl(fbZvcKmHP>*c<0P>urQYIZ%7>!$T;I)^rp4^v*) z@^_>7CZYYgU#TJDSm*~c)_C)iIGRP7xAJ#3*0q=7(O()T+)H&odf9nuQxduf#2?7F z@#JN5uRiK{s+F7Pw`LqCY%}D`*Vag_-sf6`kyt0GtocI;g zGk69%b)=YIojPoZIF!vIAv!)8HK~?=;Wn@}@`zjbzRb8Fxu*8hUaqNiMGJY|$OTs| z5*PkXziQX-=5W){9t=>Oowb{HeJogQ@#qN>-Zr8^+?7Kp=2l`YlX9w<`j9I20x_#0 z?Y4ft{nPzmo$NlrhlpXD#^k}!YjXpq0x4fkW=R){za}P`PaJv8@JnZ`&#;%xSzU`C zQ%B`A!)h~7$)OZT({EjZ?0u-DTLS(k(a*E}zaQ1D&bCOSr@Qxk?jYvE9#5e&g5$?+ zNLDK3;z@Pq7ECd~`)0ng?NAf+SWdNN7=Expo=qUd_z?zZvlc?6=#Egyf9y>9BIQ&^ zye}5{VLFe0-}8N9OwLffheF_nVXWh`1=prTtHaIaDR|FjZ-#PX!$_k)OEs?Y|FfVjDy&vtJrg=dG~rJLS;o*gmJ@+Rj|T=jga z_;g_14AOdO;K`#ea}GJ=ALQ?{GM@5>gyGsX#qke&XhrMo@|$inJ7uLAel6;+vq>?U z=iEexxE|WA`ZH+WH3X4XE{Ao!WRsVCpZ?ZM;HjuP`2+DZ#hJnW2m3vh6LOLR(}wSj z@7(!>0jBddnmJZ{R;wF%(Y(jmPY)}{8*&tj|CE=%KZ%0iZ90USyNaFgh-RjVNEwNm zMJAa+qu7ia33Tq{=JKDH0%gOPrKwxf#t1SP+aT#)-Z~7x!WMz2!BCkuPr68J4Yc444-u_#$SM|57`S3MAm+(w~@O-qjoIWuI z*DC3$Bs#Gj1u@+HOeBK0tPgwUq6kqScKI{r=v8 zU*9cd+*~Xx)e+ofmbZK$Sjr`>|G>k4F{qspUU2){5ot6AaBgAlysP%+9+xh3mI>CIVT z1#=x-uSeaMYa1S}5;MNM7O@=oqm_xzh1x;OE0ZbHYNA9`vvbZZ{(}cKGU$6-Hru$I z?43k~MDLyB2(-DzkG#bDfxfIQ^r#U?Oq{?&J`Dul*-2$$gMwBKmzFze?x3lWD1j2y zrwhK*<0FTJ+MO66FM25`!Q9MVy*J4hYh@OoB7eoCRYa+LDXD!9LN_!{B^)6fC$ zD+d#!B-byPg z@6%ns4fTTtlq58Sv=Az+D8Cu8KucP{?GbZz9^I~RQqJ(bHS&6yM=KW5 zhG>)0)|azy`IZkWWDOQ9DA1Nmm$g$%^E4UiCA~TMxORxXR#1K?r{Hm>&*p41F}#Sh z@Vuemw9)X8UN@`QCB@PLF+MzF2|r?0**bw(A{#Gz9u%0|Q4!D^=KYq|mn1oPRy5|v zkY#7oGUmY$GG5@t@v%LqvCI-(*z(NFEN#(Mw_Gnur}w1E=4UZOXGM>M;)=A}E%nj9KFYo2H{ZwNWb@jj9C{tx345<-Qh==9 zu{(-NoX=_fPJ&c-)lM2Os}%H|j+VMvJ95c41L0n=#hT)E>2*G*;PCEgw3R1e%zuizAtBIF!Di|IE=q# zhcoY3G>2+S>+0Evd(GJpDzs>@ikl;HhMVjI!1LnD`rVOFC}*zcQ~9hBd$@>1oQd-0k9bwssI20 diff --git a/authz-gw/pom.xml b/authz-gw/pom.xml deleted file mode 100644 index 93224123..00000000 --- a/authz-gw/pom.xml +++ /dev/null @@ -1,223 +0,0 @@ - - - - 4.0.0 - - org.onap.aaf.authz - parent - 1.0.1-SNAPSHOT - ../pom.xml - - - authz-gw - Authz Gate/Wall - GW API - https://github.com/att/AAF - - - - Jonathan Gathman - - ATT - - - - - - true - 30 - 1.0.0-SNAPSHOT - 1.0.0-SNAPSHOT - java - true - jacoco - ${project.build.directory}/surefire-reports - ${project.build.directory}/coverage-reports/jacoco.exec - ${project.build.directory}/coverage-reports/jacoco-it.exec - true - ${project.version} - https://nexus.onap.org - /content/repositories/snapshots/ - /content/repositories/releases/ - /content/repositories/staging/ - /content/sites/site/org/onap/aaf/authz/${project.artifactId}/${project.version} - - - - - org.onap.aaf.authz - authz-core - ${project.version} - - - - javax.servlet - servlet-api - - - - - - org.onap.aaf.cadi - cadi-aaf - ${project.cadiVersion} - - - - - - - - - - - org.codehaus.mojo - jaxb2-maven-plugin - - - org.apache.maven.plugins - maven-jar-plugin - - - **/*.class - - - 2.3.1 - - - - org.apache.maven.plugins - maven-javadoc-plugin - 2.10.4 - - false - - - - attach-javadocs - - jar - - - - - - org.apache.maven.plugins - maven-source-plugin - 2.2.1 - - - attach-sources - - jar-no-fork - - - - - - - org.sonatype.plugins - nexus-staging-maven-plugin - 1.6.7 - true - - ${nexusproxy} - 176c31dfe190a - ecomp-staging - - - - org.jacoco - jacoco-maven-plugin - 0.7.7.201606060606 - - true - - org.onap.aaf.* - - - - - pre-unit-test - - prepare-agent - - - ${project.build.directory}/coverage-reports/jacoco.exec - - - - - pre-integration-test - pre-integration-test - - prepare-agent - - - ${project.build.directory}/coverage-reports/jacoco-it.exec - - - - - - merge - - post-integration-test - - - - ${project.build.directory}/coverage-reports - - *.exec - - - - ${project.build.directory}/jacoco-dev.exec - - - - - - - - - - - ecomp-releases - AAF Release Repository - ${nexusproxy}${releaseNexusPath} - - - ecomp-snapshots - AAF Snapshot Repository - ${nexusproxy}${snapshotNexusPath} - - - ecomp-site - dav:${nexusproxy}${sitePath} - - - - diff --git a/authz-gw/src/main/config/authGW.props b/authz-gw/src/main/config/authGW.props deleted file mode 100644 index 294db359..00000000 --- a/authz-gw/src/main/config/authGW.props +++ /dev/null @@ -1,33 +0,0 @@ -## -## AUTHZ GateWall (authz-gw) Properties -## - -hostname=_HOSTNAME_ - -## DISCOVERY (DME2) Parameters on the Command Line -AFT_LATITUDE=_AFT_LATITUDE_ -AFT_LONGITUDE=_AFT_LONGITUDE_ -AFT_ENVIRONMENT=_AFT_ENVIRONMENT_ -AFT_ENV_CONTEXT=_ENV_CONTEXT_ - -DEPLOYED_VERSION=_ARTIFACT_VERSION_ - -## Pull in common/security properties - -cadi_prop_files=_COMMON_DIR_/com.att.aaf.common.props;_COMMON_DIR_/com.att.aaf.props - - -##DME2 related parameters -DMEServiceName=service=com.att.authz.authz-gw/version=_MAJOR_VER_._MINOR_VER_._PATCH_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_ -AFT_DME2_PORT_RANGE=_AUTHZ_GW_PORT_RANGE_ - -# Turn on both AAF TAF & LUR 2.0 -aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=_MAJOR_VER_._MINOR_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_ - -# CSP -csp_domain=PROD - -# GUI Login Page -cadi_loginpage_url=https://DME2RESOLVE/service=com.att.authz.authz-gui/version=_MAJOR_VER_._MINOR_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_/login - - diff --git a/authz-gw/src/main/config/log4j.properties b/authz-gw/src/main/config/log4j.properties deleted file mode 100644 index fb5f22cb..00000000 --- a/authz-gw/src/main/config/log4j.properties +++ /dev/null @@ -1,79 +0,0 @@ -#------------------------------------------------------------------------------- -# ============LICENSE_START==================================================== -# * org.onap.aaf -# * =========================================================================== -# * Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# * =========================================================================== -# * Licensed under the Apache License, Version 2.0 (the "License"); -# * you may not use this file except in compliance with the License. -# * You may obtain a copy of the License at -# * -# * http://www.apache.org/licenses/LICENSE-2.0 -# * -# * Unless required by applicable law or agreed to in writing, software -# * distributed under the License is distributed on an "AS IS" BASIS, -# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# * See the License for the specific language governing permissions and -# * limitations under the License. -# * ============LICENSE_END==================================================== -# * -# * ECOMP is a trademark and service mark of AT&T Intellectual Property. -# * -#------------------------------------------------------------------------------- -############################################################################### -# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. -############################################################################### -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# -log4j.appender.INIT=org.apache.log4j.DailyRollingFileAppender -log4j.appender.INIT.File=_LOG_DIR_/${LOG4J_FILENAME_init} -log4j.appender.INIT.DatePattern='.'yyyy-MM-dd -#log4j.appender.INIT.MaxFileSize=_MAX_LOG_FILE_SIZE_ -#log4j.appender.INIT.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_ -log4j.appender.INIT.layout=org.apache.log4j.PatternLayout -log4j.appender.INIT.layout.ConversionPattern=%d %p [%c] %m %n - -log4j.appender.GW=org.apache.log4j.DailyRollingFileAppender -log4j.appender.GW.File=_LOG_DIR_/${LOG4J_FILENAME_gw} -log4j.appender.GW.DatePattern='.'yyyy-MM-dd -#log4j.appender.GW.MaxFileSize=_MAX_LOG_FILE_SIZE_ -#log4j.appender.GW.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_ -log4j.appender.GW.layout=org.apache.log4j.PatternLayout -log4j.appender.GW.layout.ConversionPattern=%d %p [%c] %m %n - -log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender -log4j.appender.AUDIT.File=_LOG_DIR_/${LOG4J_FILENAME_audit} -log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd -#log4j.appender.GW.MaxFileSize=_MAX_LOG_FILE_SIZE_ -#log4j.appender.GW.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_ -log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout -log4j.appender.AUDIT.layout.ConversionPattern=%d %p [%c] %m %n - -log4j.appender.stdout=org.apache.log4j.ConsoleAppender -log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] %m %n - -# General Apache libraries -log4j.rootLogger=WARN -log4j.logger.org.apache=WARN,INIT -log4j.logger.dme2=WARN,INIT -log4j.logger.init=INFO,INIT -log4j.logger.gw=_LOG4J_LEVEL_,GW -log4j.logger.audit=INFO,AUDIT - diff --git a/authz-gw/src/main/config/lrm-authz-gw.xml b/authz-gw/src/main/config/lrm-authz-gw.xml deleted file mode 100644 index f48470d5..00000000 --- a/authz-gw/src/main/config/lrm-authz-gw.xml +++ /dev/null @@ -1,82 +0,0 @@ - - - - - - com.att.authz._ARTIFACT_ID_ - - _MAJOR_VER_ - _MINOR_VER_ - _PATCH_VER_ - - _ROUTE_OFFER_ - - Java - com.att.authz.gw.GwAPI - - process.workdir - _ROOT_DIR_ - - - jvm.version - 1.8 - - - jvm.args - -DAFT_LATITUDE=_AFT_LATITUDE_ -DAFT_LONGITUDE=_AFT_LONGITUDE_ -DAFT_ENVIRONMENT=_AFT_ENVIRONMENT_ -Dplatform=_SCLD_PLATFORM_ -Dcom.sun.jndi.ldap.connect.pool.maxsize=20 -Dcom.sun.jndi.ldap.connect.pool.prefsize=10 -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 - - - jvm.classpath - _ROOT_DIR_/etc:_ROOT_DIR_/lib/*: - - - jvm.heap.min - 512m - - - jvm.heap.max - 2048m - - - start.class - com.att.authz.gw.GwAPI - - - stdout.redirect - _ROOT_DIR_/logs/SystemOut.log - - - stderr.redirect - _ROOT_DIR_/logs/SystemErr.log - - aft - AUTO - 4 - _RESOURCE_MIN_COUNT_ - _RESOURCE_MAX_COUNT_ - _RESOURCE_REGISTRATION_ - com.att.authz:_ARTIFACT_ID_ - _ARTIFACT_VERSION_ - - diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwAPI.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwAPI.java deleted file mode 100644 index 5872e7d3..00000000 --- a/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwAPI.java +++ /dev/null @@ -1,248 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.gw; - -import java.net.HttpURLConnection; -import java.util.ArrayList; -import java.util.EnumSet; -import java.util.List; -import java.util.Map; -import java.util.Properties; - -import org.onap.aaf.authz.env.AuthzEnv; -import org.onap.aaf.authz.gw.api.API_AAFAccess; -import org.onap.aaf.authz.gw.api.API_Api; -import org.onap.aaf.authz.gw.api.API_Find; -import org.onap.aaf.authz.gw.api.API_Proxy; -import org.onap.aaf.authz.gw.api.API_TGuard; -import org.onap.aaf.authz.gw.facade.GwFacade_1_0; -import org.onap.aaf.authz.gw.mapper.Mapper.API; -import org.onap.aaf.authz.server.AbsServer; -import org.onap.aaf.cache.Cache; -import org.onap.aaf.cache.Cache.Dated; -import org.onap.aaf.cssa.rserv.HttpMethods; - -import com.att.aft.dme2.api.DME2Exception; - -import com.att.aft.dme2.api.DME2Manager; -import com.att.aft.dme2.api.DME2Server; -import com.att.aft.dme2.api.DME2ServerProperties; -import com.att.aft.dme2.api.DME2ServiceHolder; -import com.att.aft.dme2.api.util.DME2FilterHolder; -import com.att.aft.dme2.api.util.DME2FilterHolder.RequestDispatcherType; -import com.att.aft.dme2.api.util.DME2ServletHolder; -import org.onap.aaf.cadi.CadiException; -//import org.onap.aaf.cadi.PropAccess; -import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn; -import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm; -import org.onap.aaf.cadi.config.Config; -import org.onap.aaf.inno.env.APIException; - -public class GwAPI extends AbsServer { - private static final String USER_PERMS = "userPerms"; - private GwFacade_1_0 facade; // this is the default Facade - private GwFacade_1_0 facade_1_0_XML; - public Map cacheUser; - public final String aafurl; - public final AAFAuthn aafAuthn; - public final AAFLurPerm aafLurPerm; - public DME2Manager dme2Man; - - - /** - * Construct AuthzAPI with all the Context Supporting Routes that Authz needs - * - * @param env - * @param si - * @param dm - * @param decryptor - * @throws APIException - */ - public GwAPI(AuthzEnv env) throws Exception { - super(env,"AAF GW"); - aafurl = env.getProperty(Config.AAF_URL); - - // Setup Logging - //env.setLog4JNames("log4j.properties","authz","gw","audit","init","trace"); - - aafLurPerm = aafCon.newLur(); - // Note: If you need both Authn and Authz construct the following: - aafAuthn = aafCon.newAuthn(aafLurPerm); - - // Initialize Facade for all uses - //AuthzTrans trans = env.newTrans(); - - // facade = GwFacadeFactory.v1_0(env,trans,Data.TYPE.JSON); // Default Facade - // facade_1_0_XML = GwFacadeFactory.v1_0(env,trans,Data.TYPE.XML); - - synchronized(env) { - if(cacheUser == null) { - cacheUser = Cache.obtain(USER_PERMS); - //Cache.startCleansing(env, USER_PERMS); - Cache.addShutdownHook(); // Setup Shutdown Hook to close cache - } - } - - //////////////////////////////////////////////////////////////////////////// - // Time Critical - // These will always be evaluated first - //////////////////////////////////////////////////////////////////////// - API_AAFAccess.init(this,facade); - API_Find.init(this, facade); - API_TGuard.init(this, facade); - API_Proxy.init(this, facade); - - //////////////////////////////////////////////////////////////////////// - // Management APIs - //////////////////////////////////////////////////////////////////////// - // There are several APIs around each concept, and it gets a bit too - // long in this class to create. The initialization of these Management - // APIs have therefore been pushed to StandAlone Classes with static - // init functions - API_Api.init(this, facade); - - //////////////////////////////////////////////////////////////////////// - // Default Function - //////////////////////////////////////////////////////////////////////// - API_AAFAccess.initDefault(this,facade); - - } - - /** - * Setup XML and JSON implementations for each supported Version type - * - * We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties - * to do Versions and Content switches - * - */ - public void route(HttpMethods meth, String path, API api, GwCode code) throws Exception { - String version = "1.0"; - // Get Correct API Class from Mapper - Class respCls = facade.mapper().getClass(api); - if(respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name()); - // setup Application API HTML ContentTypes for JSON and Route - String application = applicationJSON(respCls, version); - //route(env,meth,path,code,application,"application/json;version="+version,"*/*"); - - // setup Application API HTML ContentTypes for XML and Route - application = applicationXML(respCls, version); - //route(env,meth,path,code.clone(facade_1_0_XML,false),application,"text/xml;version="+version); - - // Add other Supported APIs here as created - } - - public void routeAll(HttpMethods meth, String path, API api, GwCode code) throws Exception { - //route(env,meth,path,code,""); // this will always match - } - - - /** - * Start up AuthzAPI as DME2 Service - * @param env - * @param props - * @throws DME2Exception - * @throws CadiException - */ - public void startDME2(Properties props) throws DME2Exception, CadiException { - - dme2Man = new DME2Manager("GatewayDME2Manager",props); - - DME2ServiceHolder svcHolder; - List slist = new ArrayList(); - svcHolder = new DME2ServiceHolder(); - String serviceName = env.getProperty("DMEServiceName",null); - if(serviceName!=null) { - svcHolder.setServiceURI(serviceName); - svcHolder.setManager(dme2Man); - svcHolder.setContext("/"); - - - - DME2ServletHolder srvHolder = new DME2ServletHolder(this, new String[] {"/dme2","/api"}); - srvHolder.setContextPath("/*"); - slist.add(srvHolder); - - EnumSet edlist = EnumSet.of( - RequestDispatcherType.REQUEST, - RequestDispatcherType.FORWARD, - RequestDispatcherType.ASYNC - ); - - /////////////////////// - // Apply Filters - /////////////////////// - List flist = new ArrayList(); - - // Leave Login page un secured - // AuthzTransOnlyFilter atof = new AuthzTransOnlyFilter(env); - // flist.add(new DME2FilterHolder(atof,"/login", edlist)); - - // Secure all other interactions with AuthzTransFilter -// flist.add(new DME2FilterHolder( -// new AuthzTransFilter(env, aafCon, new AAFTrustChecker( -// env.getProperty(Config.CADI_TRUST_PROP, Config.CADI_USER_CHAIN), -// Define.ROOT_NS + ".mechid|"+Define.ROOT_COMPANY+"|trust" -// )), -// "/*", edlist)); -// - - svcHolder.setFilters(flist); - svcHolder.setServletHolders(slist); - - DME2Server dme2svr = dme2Man.getServer(); -// dme2svr.setGracefulShutdownTimeMs(1000); - - // env.init().log("Starting GW Jetty/DME2 server..."); - dme2svr.start(); - DME2ServerProperties dsprops = dme2svr.getServerProperties(); - try { -// if(env.getProperty("NO_REGISTER",null)!=null) - dme2Man.bindService(svcHolder); -// env.init().log("DME2 is available as HTTP"+(dsprops.isSslEnable()?"/S":""),"on port:",dsprops.getPort()); - - while(true) { // Per DME2 Examples... - Thread.sleep(5000); - } - } catch(InterruptedException e) { - // env.init().log("AAF Jetty Server interrupted!"); - } catch(Exception e) { // Error binding service doesn't seem to stop DME2 or Process - // env.init().log(e,"DME2 Initialization Error"); - dme2svr.stop(); - System.exit(1); - } - } else { - //env.init().log("Properties must contain DMEServiceName"); - } - } - - public static void main(String[] args) { - setup(GwAPI.class,"authGW.props"); - } - -// public void route(PropAccess env, HttpMethods get, String string, GwCode gwCode, String string2, String string3, -// String string4) { -// // TODO Auto-generated method stub -// -// } - -} diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwCode.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwCode.java deleted file mode 100644 index a9e6eb21..00000000 --- a/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwCode.java +++ /dev/null @@ -1,45 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.gw; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.gw.facade.GwFacade; -import org.onap.aaf.cssa.rserv.HttpCode; - -public abstract class GwCode extends HttpCode implements Cloneable { - public boolean useJSON; - - public GwCode(GwFacade facade, String description, boolean useJSON, String ... roles) { - super(facade, description, roles); - this.useJSON = useJSON; - } - - public D clone(GwFacade facade, boolean useJSON) throws Exception { - @SuppressWarnings("unchecked") - D d = (D)clone(); - d.useJSON = useJSON; - d.context = facade; - return d; - } - -} diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_AAFAccess.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_AAFAccess.java deleted file mode 100644 index 202ec58e..00000000 --- a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_AAFAccess.java +++ /dev/null @@ -1,363 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.gw.api; - -import java.io.IOException; -import java.net.ConnectException; -import java.net.MalformedURLException; -import java.net.URI; -import java.security.Principal; - -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.gw.GwAPI; -import org.onap.aaf.authz.gw.GwCode; -import org.onap.aaf.authz.gw.facade.GwFacade; -import org.onap.aaf.authz.gw.mapper.Mapper.API; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.cache.Cache.Dated; -import org.onap.aaf.cssa.rserv.HttpMethods; - -import com.att.aft.dme2.internal.jetty.http.HttpStatus; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.Locator; -import org.onap.aaf.cadi.Locator.Item; -import org.onap.aaf.cadi.LocatorException; -import org.onap.aaf.cadi.aaf.AAFPermission; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.cadi.dme2.DME2Locator; -import org.onap.aaf.cadi.principal.BasicPrincipal; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.TimeTaken; - -public class API_AAFAccess { - private static final String AUTHZ_DME2_GUI = "com.att.authz.authz-gui"; - static final String AFT_ENVIRONMENT="AFT_ENVIRONMENT"; - static final String AFT_ENV_CONTEXT="AFT_ENV_CONTEXT"; - static final String AFTUAT="AFTUAT"; - - private static final String PROD = "PROD"; - private static final String IST = "IST"; // main NONPROD system - private static final String PERF = "PERF"; - private static final String TEST = "TEST"; - private static final String DEV = "DEV"; - -// private static String service, version, envContext; - private static String routeOffer; - - private static final String GET_PERMS_BY_USER = "Get Perms by User"; - private static final String USER_HAS_PERM ="User Has Perm"; -// private static final String USER_IN_ROLE ="User Has Role"; - private static final String BASIC_AUTH ="AAF Basic Auth"; - - /** - * Normal Init level APIs - * - * @param gwAPI - * @param facade - * @throws Exception - */ - public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception { - String aftenv = gwAPI.env.getProperty(AFT_ENVIRONMENT); - if(aftenv==null) throw new Exception(AFT_ENVIRONMENT + " must be set"); - - int equals, count=0; - for(int slash = gwAPI.aafurl.indexOf('/');slash>0;++count) { - equals = gwAPI.aafurl.indexOf('=',slash)+1; - slash = gwAPI.aafurl.indexOf('/',slash+1); - switch(count) { - case 2: -// service = gwAPI.aafurl.substring(equals, slash); - break; - case 3: -// version = gwAPI.aafurl.substring(equals, slash); - break; - case 4: -// envContext = gwAPI.aafurl.substring(equals, slash); - break; - case 5: - routeOffer = gwAPI.aafurl.substring(equals); - break; - } - } - if(count<6) throw new MalformedURLException(gwAPI.aafurl); - - gwAPI.route(HttpMethods.GET,"/authz/perms/user/:user",API.VOID,new GwCode(facade,GET_PERMS_BY_USER, true) { - @Override - public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception { - TimeTaken tt = trans.start(GET_PERMS_BY_USER, Env.SUB); - try { - final String accept = req.getHeader("ACCEPT"); - final String user = pathParam(req,":user"); - if(!user.contains("@")) { - context.error(trans,resp,Result.ERR_BadData,"User [%s] must be fully qualified with domain",user); - return; - } - String key = trans.user() + user + (accept!=null&&accept.contains("xml")?"-xml":"-json"); - TimeTaken tt2 = trans.start("Cache Lookup",Env.SUB); - Dated d; - try { - d = gwAPI.cacheUser.get(key); - } finally { - tt2.done(); - } - - if(d==null || d.data.isEmpty()) { - tt2 = trans.start("AAF Service Call",Env.REMOTE); - try { - gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Void code(Rcli client) throws CadiException, ConnectException, APIException { - Future fp = client.read("/authz/perms/user/"+user,accept); - if(fp.get(5000)) { - gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body()))); - resp.setStatus(HttpStatus.OK_200); - ServletOutputStream sos; - try { - sos = resp.getOutputStream(); - sos.print(fp.value); - } catch (IOException e) { - throw new CadiException(e); - } - } else { - gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body()))); - context.error(trans,resp,fp.code(),fp.body()); - } - return null; - } - }); - } finally { - tt2.done(); - } - } else { - User u = (User)d.data.get(0); - resp.setStatus(u.code); - ServletOutputStream sos = resp.getOutputStream(); - sos.print(u.resp); - } - } finally { - tt.done(); - } - } - }); - - gwAPI.route(gwAPI.env,HttpMethods.GET,"/authn/basicAuth",new GwCode(facade,BASIC_AUTH, true) { - @Override - public void handle(final AuthzTrans trans, final HttpServletRequest req, HttpServletResponse resp) throws Exception { - Principal p = trans.getUserPrincipal(); - if(p == null) { - trans.error().log("Transaction not Authenticated... no Principal"); - resp.setStatus(HttpStatus.FORBIDDEN_403); - } else if (p instanceof BasicPrincipal) { - // the idea is that if call is made with this credential, and it's a BasicPrincipal, it's ok - // otherwise, it wouldn't have gotten here. - resp.setStatus(HttpStatus.OK_200); - } else { - trans.checkpoint("Basic Auth Check Failed: This wasn't a Basic Auth Trans"); - // For Auth Security questions, we don't give any info to client on why failed - resp.setStatus(HttpStatus.FORBIDDEN_403); - } - } - },"text/plain","*/*","*"); - - /** - * Query User Has Perm - */ - gwAPI.route(HttpMethods.GET,"/ask/:user/has/:type/:instance/:action",API.VOID,new GwCode(facade,USER_HAS_PERM, true) { - @Override - public void handle(final AuthzTrans trans, final HttpServletRequest req, HttpServletResponse resp) throws Exception { - try { - resp.getOutputStream().print( - gwAPI.aafLurPerm.fish(pathParam(req,":user"), new AAFPermission( - pathParam(req,":type"), - pathParam(req,":instance"), - pathParam(req,":action")))); - resp.setStatus(HttpStatus.OK_200); - } catch(Exception e) { - context.error(trans, resp, Result.ERR_General, e.getMessage()); - } - } - }); - - if(AFTUAT.equals(aftenv)) { - gwAPI.route(HttpMethods.GET,"/ist/aaf/:version/:path*",API.VOID ,new GwCode(facade,"Access UAT GUI for AAF", true) { - @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - try{ - redirect(trans, req, resp, context, - new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), IST, routeOffer), - pathParam(req,":path")); - } catch (LocatorException e) { - context.error(trans, resp, Result.ERR_BadData, e.getMessage()); - } catch (Exception e) { - context.error(trans, resp, Result.ERR_General, e.getMessage()); - } - } - }); - - gwAPI.route(HttpMethods.GET,"/test/aaf/:version/:path*",API.VOID ,new GwCode(facade,"Access TEST GUI for AAF", true) { - @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - try{ - redirect(trans, req, resp, context, - new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), TEST, routeOffer), - pathParam(req,":path")); - } catch (LocatorException e) { - context.error(trans, resp, Result.ERR_BadData, e.getMessage()); - } catch (Exception e) { - context.error(trans, resp, Result.ERR_General, e.getMessage()); - } - } - }); - - gwAPI.route(HttpMethods.GET,"/perf/aaf/:version/:path*",API.VOID ,new GwCode(facade,"Access PERF GUI for AAF", true) { - @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - try{ - redirect(trans, req, resp, context, - new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), PERF, routeOffer), - pathParam(req,":path")); - } catch (LocatorException e) { - context.error(trans, resp, Result.ERR_BadData, e.getMessage()); - } catch (Exception e) { - context.error(trans, resp, Result.ERR_General, e.getMessage()); - } - } - }); - - gwAPI.route(HttpMethods.GET,"/dev/aaf/:version/:path*",API.VOID,new GwCode(facade,"Access DEV GUI for AAF", true) { - @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - try { - redirect(trans, req, resp, context, - new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), DEV, routeOffer), - pathParam(req,":path")); - } catch (LocatorException e) { - context.error(trans, resp, Result.ERR_BadData, e.getMessage()); - } catch (Exception e) { - context.error(trans, resp, Result.ERR_General, e.getMessage()); - } - } - }); - } else { - gwAPI.route(HttpMethods.GET,"/aaf/:version/:path*",API.VOID,new GwCode(facade,"Access PROD GUI for AAF", true) { - @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - try { - redirect(trans, req, resp, context, - new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), PROD, routeOffer), - pathParam(req,":path")); - } catch (LocatorException e) { - context.error(trans, resp, Result.ERR_BadData, e.getMessage()); - } catch (Exception e) { - context.error(trans, resp, Result.ERR_General, e.getMessage()); - } - } - }); - } - - } - - public static void initDefault(final GwAPI gwAPI, GwFacade facade) throws Exception { - String aftenv = gwAPI.env.getProperty(AFT_ENVIRONMENT); - if(aftenv==null) throw new Exception(AFT_ENVIRONMENT + " must be set"); - - String aftctx = gwAPI.env.getProperty(AFT_ENV_CONTEXT); - if(aftctx==null) throw new Exception(AFT_ENV_CONTEXT + " must be set"); - - /** - * "login" url - */ - gwAPI.route(HttpMethods.GET,"/login",API.VOID,new GwCode(facade,"Access " + aftctx + " GUI for AAF", true) { - @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - try { - redirect(trans, req, resp, context, - new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, "2.0", aftctx, routeOffer), - "login"); - } catch (LocatorException e) { - context.error(trans, resp, Result.ERR_BadData, e.getMessage()); - } catch (Exception e) { - context.error(trans, resp, Result.ERR_General, e.getMessage()); - } - } - }); - - /** - * Default URL - */ - gwAPI.route(HttpMethods.GET,"/",API.VOID,new GwCode(facade,"Access " + aftctx + " GUI for AAF", true) { - @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - try { - redirect(trans, req, resp, context, - new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, "2.0", aftctx, routeOffer), - "gui/home"); - } catch (LocatorException e) { - context.error(trans, resp, Result.ERR_BadData, e.getMessage()); - } catch (Exception e) { - context.error(trans, resp, Result.ERR_General, e.getMessage()); - } - } - }); - } - - private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, GwFacade context, Locator loc, String path) throws IOException { - try { - if(loc.hasItems()) { - Item item = loc.best(); - URI uri = (URI) loc.get(item); - StringBuilder redirectURL = new StringBuilder(uri.toString()); - redirectURL.append('/'); - redirectURL.append(path); - String str = req.getQueryString(); - if(str!=null) { - redirectURL.append('?'); - redirectURL.append(str); - } - trans.info().log("Redirect to",redirectURL); - resp.sendRedirect(redirectURL.toString()); - } else { - context.error(trans, resp, Result.err(Result.ERR_NotFound,"%s is not valid",req.getPathInfo())); - } - } catch (LocatorException e) { - context.error(trans, resp, Result.err(Result.ERR_NotFound,"No DME2 Endpoints found for %s",req.getPathInfo())); - } - } - - private static class User { - public final int code; - public final String resp; - - public User(int code, String resp) { - this.code = code; - this.resp = resp; - } - } -} diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Api.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Api.java deleted file mode 100644 index 0a828f92..00000000 --- a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Api.java +++ /dev/null @@ -1,99 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.gw.api; - -import static org.onap.aaf.authz.layer.Result.OK; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.gw.GwAPI; -import org.onap.aaf.authz.gw.GwCode; -import org.onap.aaf.authz.gw.facade.GwFacade; -import org.onap.aaf.authz.gw.mapper.Mapper.API; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.cssa.rserv.HttpMethods; - -import com.att.aft.dme2.internal.jetty.http.HttpStatus; -import org.onap.aaf.cadi.Symm; - -/** - * API Apis - * - */ -public class API_Api { - /** - * Normal Init level APIs - * - * @param gwAPI - * @param facade - * @throws Exception - */ - public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception { - //////// - // Overall APIs - /////// - gwAPI.route(HttpMethods.GET,"/api",API.VOID,new GwCode(facade,"Document API", true) { - @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - Result r = context.getAPI(trans,resp,gwAPI); - switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); - break; - default: - context.error(trans,resp,r); - } - - } - }); - - //////// - // Overall Examples - /////// - gwAPI.route(HttpMethods.GET,"/api/example/*",API.VOID,new GwCode(facade,"Document API", true) { - @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - String pathInfo = req.getPathInfo(); - int question = pathInfo.lastIndexOf('?'); - - pathInfo = pathInfo.substring(13, question<0?pathInfo.length():question);// IMPORTANT, this is size of "/api/example/" - String nameOrContextType=Symm.base64noSplit.decode(pathInfo); -// String param = req.getParameter("optional"); - Result r = context.getAPIExample(trans,resp,nameOrContextType, - question>=0 && "optional=true".equalsIgnoreCase(req.getPathInfo().substring(question+1)) - ); - switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); - break; - default: - context.error(trans,resp,r); - } - - } - }); - - } -} diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Find.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Find.java deleted file mode 100644 index 63595f0e..00000000 --- a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Find.java +++ /dev/null @@ -1,87 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.gw.api; - -import java.net.URI; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.gw.GwAPI; -import org.onap.aaf.authz.gw.GwCode; -import org.onap.aaf.authz.gw.facade.GwFacade; -import org.onap.aaf.authz.gw.mapper.Mapper.API; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.cssa.rserv.HttpMethods; - -import org.onap.aaf.cadi.Locator; -import org.onap.aaf.cadi.Locator.Item; -import org.onap.aaf.cadi.LocatorException; -import org.onap.aaf.cadi.dme2.DME2Locator; - -/** - * API Apis.. using Redirect for mechanism - * - * - */ -public class API_Find { - /** - * Normal Init level APIs - * - * @param gwAPI - * @param facade - * @throws Exception - */ - public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception { - //////// - // Overall APIs - /////// - gwAPI.route(HttpMethods.GET,"/dme2/:service/:version/:envContext/:routeOffer/:path*",API.VOID,new GwCode(facade,"Document API", true) { - @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - //TODO cache this... - try { - Locator loc = new DME2Locator(gwAPI.env, gwAPI.dme2Man, - pathParam(req,":service"), - pathParam(req,":version"), - pathParam(req,":envContext"), - pathParam(req,":routeOffer") - ); - if(loc.hasItems()) { - Item item = loc.best(); - URI uri = (URI) loc.get(item); - String redirectURL = uri.toString() + '/' + pathParam(req,":path"); - trans.warn().log("Redirect to",redirectURL); - resp.sendRedirect(redirectURL); - } else { - context.error(trans, resp, Result.err(Result.ERR_NotFound,"%s is not valid",req.getPathInfo())); - } - } catch (LocatorException e) { - context.error(trans, resp, Result.err(Result.ERR_NotFound,"No DME2 Endpoints found for %s",req.getPathInfo())); - } - } - }); - - } -} diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Proxy.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Proxy.java deleted file mode 100644 index 90d754ec..00000000 --- a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Proxy.java +++ /dev/null @@ -1,156 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.gw.api; - -import java.net.ConnectException; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.gw.GwAPI; -import org.onap.aaf.authz.gw.GwCode; -import org.onap.aaf.authz.gw.facade.GwFacade; -import org.onap.aaf.authz.gw.mapper.Mapper.API; -import org.onap.aaf.cssa.rserv.HttpMethods; - -import com.att.aft.dme2.internal.jetty.http.HttpStatus; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.client.Rcli; -import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.cadi.config.Config; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.TimeTaken; - -/** - * API Apis.. using Redirect for mechanism - * - * - */ -public class API_Proxy { - - /** - * Normal Init level APIs - * - * @param gwAPI - * @param facade - * @throws Exception - */ - public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception { - - String aafurl = gwAPI.env.getProperty(Config.AAF_URL); - if(aafurl==null) { - } else { - - //////// - // Transferring APIs - /////// - gwAPI.routeAll(HttpMethods.GET,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy GET", true) { - @Override - public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception { - TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE); - try { - gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Void code(Rcli client) throws CadiException, ConnectException, APIException { - Future ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.OK_200); - ft.get(10000); // Covers return codes and err messages - return null; - } - }); - - } catch (CadiException | APIException e) { - trans.error().log(e); - } finally { - tt.done(); - } - } - }); - - gwAPI.routeAll(HttpMethods.POST,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy POST", true) { - @Override - public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception { - TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE); - try { - gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Void code(Rcli client) throws CadiException, ConnectException, APIException { - Future ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.CREATED_201); - ft.get(10000); // Covers return codes and err messages - return null; - } - }); - } catch (CadiException | APIException e) { - trans.error().log(e); - } finally { - tt.done(); - } - } - }); - - gwAPI.routeAll(HttpMethods.PUT,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy PUT", true) { - @Override - public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception { - TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE); - try { - gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Void code(Rcli client) throws CadiException, ConnectException, APIException { - Future ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.OK_200); - ft.get(10000); // Covers return codes and err messages - return null; - } - }); - } catch (CadiException | APIException e) { - trans.error().log(e); - } finally { - tt.done(); - } - } - }); - - gwAPI.routeAll(HttpMethods.DELETE,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy DELETE", true) { - @Override - public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception { - TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE); - try { - gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Void code(Rcli client) throws CadiException, ConnectException, APIException { - Future ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.OK_200); - ft.get(10000); // Covers return codes and err messages - return null; - } - }); - } catch (CadiException | APIException e) { - trans.error().log(e); - } finally { - tt.done(); - } - } - }); - } - } -} diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_TGuard.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_TGuard.java deleted file mode 100644 index 876782fa..00000000 --- a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_TGuard.java +++ /dev/null @@ -1,75 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.gw.api; - -import static org.onap.aaf.authz.layer.Result.OK; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.gw.GwAPI; -import org.onap.aaf.authz.gw.GwCode; -import org.onap.aaf.authz.gw.facade.GwFacade; -import org.onap.aaf.authz.gw.mapper.Mapper.API; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.cssa.rserv.HttpMethods; - -import com.att.aft.dme2.internal.jetty.http.HttpStatus; - -/** - * API Apis - * - */ -public class API_TGuard { - /** - * Normal Init level APIs - * - * @param gwAPI - * @param facade - * @throws Exception - */ - public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception { - String aftenv = gwAPI.env.getProperty(API_AAFAccess.AFT_ENVIRONMENT); - if(aftenv==null) throw new Exception(API_AAFAccess.AFT_ENVIRONMENT + " must be set"); - - //////// - // Do not deploy these to PROD - /////// - if(API_AAFAccess.AFTUAT.equals(aftenv)) { - gwAPI.route(HttpMethods.GET,"/tguard/:path*",API.VOID,new GwCode(facade,"TGuard Test", true) { - @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - Result r = context.getAPI(trans,resp,gwAPI); - switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); - break; - default: - context.error(trans,resp,r); - } - } - }); - } - } -} diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade.java deleted file mode 100644 index e5f3919d..00000000 --- a/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade.java +++ /dev/null @@ -1,74 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.gw.facade; - -import javax.servlet.http.HttpServletResponse; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.cssa.rserv.RServlet; - - -/** - * - * - */ -public interface GwFacade { - -///////////////////// STANDARD ELEMENTS ////////////////// - /** - * @param trans - * @param response - * @param result - */ - void error(AuthzTrans trans, HttpServletResponse response, Result result); - - /** - * - * @param trans - * @param response - * @param status - */ - void error(AuthzTrans trans, HttpServletResponse response, int status, String msg, String ... detail); - - - /** - * - * @param trans - * @param resp - * @param rservlet - * @return - */ - public Result getAPI(AuthzTrans trans, HttpServletResponse resp, RServlet rservlet); - - /** - * - * @param trans - * @param resp - * @param typeCode - * @param optional - * @return - */ - public abstract Result getAPIExample(AuthzTrans trans, HttpServletResponse resp, String typeCode, boolean optional); - -} diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeFactory.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeFactory.java deleted file mode 100644 index 30f9ce2a..00000000 --- a/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeFactory.java +++ /dev/null @@ -1,48 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.gw.facade; - -import org.onap.aaf.authz.env.AuthzEnv; -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.gw.mapper.Mapper_1_0; -import org.onap.aaf.authz.gw.service.GwServiceImpl; - -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Data; - -import gw.v1_0.Error; -import gw.v1_0.InRequest; -import gw.v1_0.Out; - - -public class GwFacadeFactory { - public static GwFacade_1_0 v1_0(AuthzEnv env, AuthzTrans trans, Data.TYPE type) throws APIException { - return new GwFacade_1_0(env, - new GwServiceImpl< - InRequest, - Out, - Error>(trans,new Mapper_1_0()), - type); - } - -} diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeImpl.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeImpl.java deleted file mode 100644 index fa610669..00000000 --- a/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeImpl.java +++ /dev/null @@ -1,258 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.gw.facade; - - -import static org.onap.aaf.authz.layer.Result.ERR_ActionNotCompleted; -import static org.onap.aaf.authz.layer.Result.ERR_BadData; -import static org.onap.aaf.authz.layer.Result.ERR_ConflictAlreadyExists; -import static org.onap.aaf.authz.layer.Result.ERR_Denied; -import static org.onap.aaf.authz.layer.Result.ERR_NotFound; -import static org.onap.aaf.authz.layer.Result.ERR_NotImplemented; -import static org.onap.aaf.authz.layer.Result.ERR_Policy; -import static org.onap.aaf.authz.layer.Result.ERR_Security; - -import java.lang.reflect.Method; - -import javax.servlet.http.HttpServletResponse; - -import org.onap.aaf.authz.env.AuthzEnv; -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.gw.mapper.Mapper; -import org.onap.aaf.authz.gw.mapper.Mapper.API; -import org.onap.aaf.authz.gw.service.GwService; -import org.onap.aaf.authz.gw.service.GwServiceImpl; -import org.onap.aaf.authz.layer.FacadeImpl; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.cssa.rserv.RServlet; -import org.onap.aaf.cssa.rserv.RouteReport; -import org.onap.aaf.cssa.rserv.doc.ApiDoc; - -import org.onap.aaf.cadi.aaf.client.Examples; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Data; -import org.onap.aaf.inno.env.Data.TYPE; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.TimeTaken; -import org.onap.aaf.rosetta.env.RosettaDF; - -import gw.v1_0.Api; - -/** - * AuthzFacade - * - * This Service Facade encapsulates the essence of the API Service can do, and provides - * a single created object for elements such as RosettaDF. - * - * The Responsibilities of this class are to: - * 1) Interact with the Service Implementation (which might be supported by various kinds of Backend Storage) - * 2) Validate incoming data (if applicable) - * 3) Convert the Service response into the right Format, and mark the Content Type - * a) In the future, we may support multiple Response Formats, aka JSON or XML, based on User Request. - * 4) Log Service info, warnings and exceptions as necessary - * 5) When asked by the API layer, this will create and write Error content to the OutputStream - * - * Note: This Class does NOT set the HTTP Status Code. That is up to the API layer, so that it can be - * clearly coordinated with the API Documentation - * - * - */ -public abstract class GwFacadeImpl extends FacadeImpl implements GwFacade - { - private GwService service; - - private final RosettaDF errDF; - private final RosettaDF apiDF; - - public GwFacadeImpl(AuthzEnv env, GwService service, Data.TYPE dataType) throws APIException { - this.service = service; - (errDF = env.newDataFactory(mapper().getClass(API.ERROR))).in(dataType).out(dataType); - (apiDF = env.newDataFactory(Api.class)).in(dataType).out(dataType); - } - - public Mapper mapper() { - return service.mapper(); - } - - /* (non-Javadoc) - * @see com.att.authz.facade.AuthzFacade#error(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, int) - * - * Note: Conforms to AT&T TSS RESTful Error Structure - */ - @Override - public void error(AuthzTrans trans, HttpServletResponse response, Result result) { - String msg = result.details==null?"":result.details.trim(); - String[] detail; - if(result.variables==null) { - detail = new String[1]; - } else { - int l = result.variables.length; - detail=new String[l+1]; - System.arraycopy(result.variables, 0, detail, 1, l); - } - error(trans, response, result.status,msg,detail); - } - - @Override - public void error(AuthzTrans trans, HttpServletResponse response, int status, String msg, String ... _detail) { - String[] detail = _detail; - if(detail.length==0) { - detail=new String[1]; - } - String msgId; - switch(status) { - case 202: - case ERR_ActionNotCompleted: - msgId = "SVC1202"; - detail[0] = "Accepted, Action not complete"; - response.setStatus(/*httpstatus=*/202); - break; - - case 403: - case ERR_Policy: - case ERR_Security: - case ERR_Denied: - msgId = "SVC1403"; - detail[0] = "Forbidden"; - response.setStatus(/*httpstatus=*/403); - break; - - case 404: - case ERR_NotFound: - msgId = "SVC1404"; - detail[0] = "Not Found"; - response.setStatus(/*httpstatus=*/404); - break; - - case 406: - case ERR_BadData: - msgId="SVC1406"; - detail[0] = "Not Acceptable"; - response.setStatus(/*httpstatus=*/406); - break; - - case 409: - case ERR_ConflictAlreadyExists: - msgId = "SVC1409"; - detail[0] = "Conflict Already Exists"; - response.setStatus(/*httpstatus=*/409); - break; - - case 501: - case ERR_NotImplemented: - msgId = "SVC1501"; - detail[0] = "Not Implemented"; - response.setStatus(/*httpstatus=*/501); - break; - - - default: - msgId = "SVC1500"; - detail[0] = "General Service Error"; - response.setStatus(/*httpstatus=*/500); - break; - } - - try { - StringBuilder holder = new StringBuilder(); - errDF.newData(trans).load( - mapper().errorFromMessage(holder,msgId,msg,detail)).to(response.getOutputStream()); - trans.checkpoint( - "ErrResp [" + - msgId + - "] " + - holder.toString(), - Env.ALWAYS); - } catch (Exception e) { - trans.error().log(e,"unable to send response for",msg); - } - } - - /* (non-Javadoc) - * @see com.att.authz.facade.AuthzFacade#getAPI(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse) - */ - public final static String API_REPORT = "apiReport"; - @Override - public Result getAPI(AuthzTrans trans, HttpServletResponse resp, RServlet rservlet) { - TimeTaken tt = trans.start(API_REPORT, Env.SUB); - try { - Api api = new Api(); - Api.Route ar; - Method[] meths = GwServiceImpl.class.getDeclaredMethods(); - for(RouteReport rr : rservlet.routeReport()) { - api.getRoute().add(ar = new Api.Route()); - ar.setMeth(rr.meth.name()); - ar.setPath(rr.path); - ar.setDesc(rr.desc); - ar.getContentType().addAll(rr.contextTypes); - for(Method m : meths) { - ApiDoc ad; - if((ad = m.getAnnotation(ApiDoc.class))!=null && - rr.meth.equals(ad.method()) && - rr.path.equals(ad.path())) { - for(String param : ad.params()) { - ar.getParam().add(param); - } - for(String text : ad.text()) { - ar.getComments().add(text); - } - ar.setExpected(ad.expectedCode()); - for(int ec : ad.errorCodes()) { - ar.getExplicitErr().add(ec); - } - } - } - } - apiDF.newData(trans).load(api).to(resp.getOutputStream()); - setContentType(resp,apiDF.getOutType()); - return Result.ok(); - - } catch (Exception e) { - trans.error().log(e,IN,API_REPORT); - return Result.err(e); - } finally { - tt.done(); - } - } - - public final static String API_EXAMPLE = "apiExample"; - /* (non-Javadoc) - * @see com.att.authz.facade.AuthzFacade#getAPIExample(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result getAPIExample(AuthzTrans trans, HttpServletResponse resp, String nameOrContentType, boolean optional) { - TimeTaken tt = trans.start(API_EXAMPLE, Env.SUB); - try { - String content =Examples.print(apiDF.getEnv(), nameOrContentType, optional); - resp.getOutputStream().print(content); - setContentType(resp,content.contains(" -{ - public GwFacade_1_0(AuthzEnv env, GwService service, Data.TYPE type) throws APIException { - super(env, service, type); - } -} diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper.java deleted file mode 100644 index 230e1b3a..00000000 --- a/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper.java +++ /dev/null @@ -1,33 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.gw.mapper; - -public interface Mapper -{ - public enum API{IN_REQ,OUT,ERROR,VOID}; - public Class getClass(API api); - public A newInstance(API api); - - public ERROR errorFromMessage(StringBuilder holder, String msgID, String text, String... detail); - -} diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper_1_0.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper_1_0.java deleted file mode 100644 index ba87631e..00000000 --- a/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper_1_0.java +++ /dev/null @@ -1,69 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.gw.mapper; - -import org.onap.aaf.cadi.util.Vars; - -import gw.v1_0.Error; -import gw.v1_0.InRequest; -import gw.v1_0.Out; - -public class Mapper_1_0 implements Mapper { - - @Override - public Class getClass(API api) { - switch(api) { - case IN_REQ: return InRequest.class; - case OUT: return Out.class; - case ERROR: return Error.class; - case VOID: return Void.class; - } - return null; - } - - @SuppressWarnings("unchecked") - @Override - public A newInstance(API api) { - switch(api) { - case IN_REQ: return (A) new InRequest(); - case OUT: return (A) new Out(); - case ERROR: return (A)new Error(); - case VOID: return null; - } - return null; - } - - ////////////// Mapping Functions ///////////// - @Override - public gw.v1_0.Error errorFromMessage(StringBuilder holder, String msgID, String text,String... var) { - Error err = new Error(); - err.setMessageId(msgID); - // AT&T Restful Error Format requires numbers "%" placements - err.setText(Vars.convert(holder, text, var)); - for(String s : var) { - err.getVariables().add(s); - } - return err; - } - -} diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwService.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwService.java deleted file mode 100644 index c4f240e5..00000000 --- a/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwService.java +++ /dev/null @@ -1,29 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.gw.service; - -import org.onap.aaf.authz.gw.mapper.Mapper; - -public interface GwService { - public Mapper mapper(); -} diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwServiceImpl.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwServiceImpl.java deleted file mode 100644 index 90039252..00000000 --- a/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwServiceImpl.java +++ /dev/null @@ -1,40 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.gw.service; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.gw.mapper.Mapper; - -public class GwServiceImpl - implements GwService { - - private Mapper mapper; - - public GwServiceImpl(AuthzTrans trans, Mapper mapper) { - this.mapper = mapper; - } - - public Mapper mapper() {return mapper;} - -//////////////// APIs /////////////////// -}; diff --git a/authz-gw/src/main/xsd/gw_1_0.xsd b/authz-gw/src/main/xsd/gw_1_0.xsd deleted file mode 100644 index d5716dd9..00000000 --- a/authz-gw/src/main/xsd/gw_1_0.xsd +++ /dev/null @@ -1,103 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/authz-gw/src/test/java/org/onap/aaf/authz/gw/JU_GwAPI.java b/authz-gw/src/test/java/org/onap/aaf/authz/gw/JU_GwAPI.java deleted file mode 100644 index a820008a..00000000 --- a/authz-gw/src/test/java/org/onap/aaf/authz/gw/JU_GwAPI.java +++ /dev/null @@ -1,51 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.gw; - -import static org.junit.Assert.*; - -import org.junit.Test; - -public class JU_GwAPI { - - @Test - public void test() { - fail("Not yet implemented"); - } - - @Test - public void testRoute() { - fail("Not yet implemented"); - } - - @Test - public void testRouteAll() { - fail("Not yet implemented"); - } - - @Test - public void testStartDME2() { - fail("Not yet implemented"); - } - -} diff --git a/authz-service/pom.xml b/authz-service/pom.xml deleted file mode 100644 index 0efeab7d..00000000 --- a/authz-service/pom.xml +++ /dev/null @@ -1,574 +0,0 @@ - - - - 4.0.0 - - org.onap.aaf.authz - parent - 1.0.1-SNAPSHOT - ../pom.xml - - - authz-service - Authz Service - API for Authorization and Authentication - https://github.com/att/AAF - - - - Jonathan Gathman - - ATT - - - - - - yyyy.MM.dd'T'hh.mm.ss'Z' - true - 1 - 1.0.0-SNAPSHOT - 1.0.0-SNAPSHOT - ${basedir}/target/ - opt/app/aaf/${project.artifactId}/${project.version} - java - true - jacoco - ${project.build.directory}/surefire-reports - ${project.build.directory}/coverage-reports/jacoco.exec - ${project.build.directory}/coverage-reports/jacoco-it.exec - true - ${project.version} - https://nexus.onap.org - localhost:5000 - /content/repositories/snapshots/ - /content/repositories/releases/ - /content/repositories/staging/ - /content/sites/site/org/onap/aaf/authz/${project.artifactId}/${project.version} - true - true - false - - - - - - org.onap.aaf.authz - authz-client - ${project.version} - - - - org.onap.aaf.authz - authz-cmd - ${project.version} - - - org.onap.aaf.authz - authz-core - ${project.version} - - - javax.servlet - servlet-api - - - - - - org.onap.aaf.authz - authz-cass - ${project.version} - - - - org.onap.aaf.authz - authz-defOrg - ${project.version} - - - - - - org.onap.aaf.inno - env - ${project.innoVersion} - - - - - org.onap.aaf.cadi - cadi-core - ${project.cadiVersion} - - - - com.att.aft - dme2 - - - - org.onap.aaf.inno - rosetta - ${project.innoVersion} - - - org.onap.aaf.cadi - cadi-aaf - ${project.cadiVersion} - - - - - - authz-service - - - - - com.spotify - docker-maven-plugin - 1.0.0 - - onap/aaf/authz-service - - ${basedir}/src/main/resources/docker - - latest - ${project.docker.latesttagtimestamp.version} - ${project.docker.latesttag.version} - - true - - - - / - ${project.build.directory}/opt - ${project.build.finalName}.jar - - - / - ${project.build.directory} - **/** - - - - - - build-image - package - - build - - - ${skip.docker.build} - - - - - tag-image-project-version - package - - tag - - - onap/aaf/authz-service - ${docker.push.registry}/onap/aaf/authz-service:${project.version} - ${skip.docker.push} - - - - - tag-image-latest - package - - tag - - - onap/aaf/authz-service - ${docker.push.registry}/onap/aaf/authz-service:latest - ${skip.docker.push} - - - - - push-image-latest - deploy - - push - - - ${docker.push.registry}/onap/aaf/authz-service:${project.version} - ${skip.docker.push} - - - - - push-image - deploy - - push - - - ${docker.push.registry}/onap/aaf/authz-service:latest - ${skip.docker.push} - - - - - - - maven-resources-plugin - 2.7 - - - copy-docker-file - package - - copy-resources - - - ${dockerLocation} - true - - - ${basedir}/src/main/resources/docker - true - - **/* - - - - - - - copy-resources-1 - validate - - copy-resources - - - ${project.build.directory}/opt/dme2reg/ - - - ${project.basedir}/src/main/resources/dme2reg/ - - **/*.txt - - - - - - - copy-resources-2 - validate - - copy-resources - - - ${project.build.directory}/opt/app/aaf/authz-service/etc - - - ${project.basedir}/src/main/resources/etc - - **/** - - - - - - - - copy-resources-3 - validate - - copy-resources - - - ${project.build.directory}/opt/app/aaf/authz-service/lib - - - ${project.basedir}/../authz-cmd/target - - **/*.jar - - - - - - - copy-resources-4 - validate - - copy-resources - - - ${project.build.directory}/opt/app/aaf/authz-service/ - - - ${project.basedir}/../authz-cmd - - **/aafcli.sh - - - - - - - copy-resources-5 - validate - - copy-resources - - - ${project.build.directory}/opt/app/aaf/authz-service/etc/ - - - ${project.basedir}/src/main/config - - **/** - - - - - - - copy-resources-6 - validate - - copy-resources - - - ${project.build.directory}/opt/app/aaf/authz-service/etc/data - - - ${project.basedir}/../opt/app/aaf/data - - **/** - - - - - - - - - org.apache.maven.plugins - maven-dependency-plugin - 2.10 - - - copy-dependencies - package - - copy-dependencies - - - ${project.build.directory}/opt/app/aaf/authz-service/lib - false - false - true - - - - - - - org.codehaus.mojo - exec-maven-plugin - 1.5.0 - - java - - -DAFT_LATITUDE=33 - -DAFT_LONGITUDE=-84 - -DAFT_ENVIRONMENT=AFTUAT - - -XX:NewRatio=3 - -XX:+PrintGCTimeStamps - -XX:+PrintGCDetails - -Xloggc:gc.log - -classpath - - - - - org.onap.aaf.authz.service.AuthAPI - - service=org.onap.aaf.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=Dev - - - - - - org.apache.maven.plugins - maven-jar-plugin - - - *.properties - - - 2.3.1 - - - - - org.apache.maven.plugins - maven-javadoc-plugin - 2.10.4 - - false - - - - attach-javadocs - - jar - - - - - - - - org.apache.maven.plugins - maven-source-plugin - 2.2.1 - - - attach-sources - - jar-no-fork - - - - - - - org.sonatype.plugins - nexus-staging-maven-plugin - 1.6.7 - true - - ${nexusproxy} - 176c31dfe190a - ecomp-staging - - - - org.jacoco - jacoco-maven-plugin - 0.7.7.201606060606 - - true - - org.onap.aaf.* - - - - - pre-unit-test - - prepare-agent - - - ${project.build.directory}/coverage-reports/jacoco.exec - - - - - pre-integration-test - pre-integration-test - - prepare-agent - - - ${project.build.directory}/coverage-reports/jacoco-it.exec - - - - - - merge - - post-integration-test - - - - ${project.build.directory}/coverage-reports - - *.exec - - - - ${project.build.directory}/jacoco-dev.exec - - - - - - - - - - - - - - ecomp-releases - AAF Release Repository - ${nexusproxy}${releaseNexusPath} - - - ecomp-snapshots - AAF Snapshot Repository - ${nexusproxy}${snapshotNexusPath} - - - ecomp-site - dav:${nexusproxy}${sitePath} - - - - - docker - - true - false - false - false - - - - diff --git a/authz-service/src/main/assemble/swm.xml b/authz-service/src/main/assemble/swm.xml deleted file mode 100644 index 561d7b4b..00000000 --- a/authz-service/src/main/assemble/swm.xml +++ /dev/null @@ -1,35 +0,0 @@ - - - swm - - zip - - - ${artifactId} - - - target/swm - - - diff --git a/authz-service/src/main/config/log4j.properties b/authz-service/src/main/config/log4j.properties deleted file mode 100644 index b4fa1166..00000000 --- a/authz-service/src/main/config/log4j.properties +++ /dev/null @@ -1,99 +0,0 @@ -#------------------------------------------------------------------------------- -# ============LICENSE_START==================================================== -# * org.onap.aaf -# * =========================================================================== -# * Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# * =========================================================================== -# * Licensed under the Apache License, Version 2.0 (the "License"); -# * you may not use this file except in compliance with the License. -# * You may obtain a copy of the License at -# * -# * http://www.apache.org/licenses/LICENSE-2.0 -# * -# * Unless required by applicable law or agreed to in writing, software -# * distributed under the License is distributed on an "AS IS" BASIS, -# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# * See the License for the specific language governing permissions and -# * limitations under the License. -# * ============LICENSE_END==================================================== -# * -# * ECOMP is a trademark and service mark of AT&T Intellectual Property. -# * -#------------------------------------------------------------------------------- -############################################################################### -# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved. -############################################################################### -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# -log4j.appender.INIT=org.apache.log4j.DailyRollingFileAppender -log4j.appender.INIT.File=_LOG_DIR_/${LOG4J_FILENAME_init} -log4j.appender.INIT.DatePattern='.'yyyy-MM-dd -#log4j.appender.INIT.MaxFileSize=_MAX_LOG_FILE_SIZE_ -#log4j.appender.INIT.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_ -log4j.appender.INIT.layout=org.apache.log4j.PatternLayout -log4j.appender.INIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n - - -log4j.appender.SRVR=org.apache.log4j.DailyRollingFileAppender -log4j.appender.SRVR.File=logs/${LOG4J_FILENAME_authz} -log4j.appender.SRVR.DatePattern='.'yyyy-MM-dd -#log4j.appender.SRVR.MaxFileSize=_MAX_LOG_FILE_SIZE_ -#log4j.appender.SRVR.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_ -log4j.appender.SRVR.layout=org.apache.log4j.PatternLayout -log4j.appender.SRVR.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %p [%c] %m %n - -log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender -log4j.appender.AUDIT.File=_LOG_DIR_/${LOG4J_FILENAME_audit} -log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd -#log4j.appender.AUDIT.MaxFileSize=_MAX_LOG_FILE_SIZE_ -#log4j.appender.AUDIT.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_ -log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout -log4j.appender.AUDIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n - -log4j.appender.TRACE=org.apache.log4j.DailyRollingFileAppender -log4j.appender.TRACE.File=logs/${LOG4J_FILENAME_trace} -log4j.appender.TRACE.DatePattern='.'yyyy-MM-dd -#log4j.appender.TRACE.MaxFileSize=_MAX_LOG_FILE_SIZE_ -#log4j.appender.TRACE.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_ -log4j.appender.TRACE.layout=org.apache.log4j.PatternLayout -log4j.appender.TRACE.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n - -log4j.appender.stdout=org.apache.log4j.ConsoleAppender -log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] %m %n - -# General Apache libraries -log4j.rootLogger=WARN -log4j.logger.org.apache=WARN,INIT -log4j.logger.dme2=WARN,INIT -log4j.logger.init=INFO,INIT -log4j.logger.authz=_LOG4J_LEVEL_,SRVR -log4j.logger.audit=INFO,AUDIT -log4j.logger.trace=TRACE,TRACE - - -log4j.appender.SVR=org.apache.log4j.RollingFileAppender -log4j.appender.SVR.File=${user.home}/.aaf/authz-cmd.log -log4j.appender.SVR.MaxFileSize=10000KB -log4j.appender.SVR.MaxBackupIndex=1 -log4j.appender.SVR.layout=org.apache.log4j.PatternLayout -log4j.appender.SVR.layout.ConversionPattern=%d %p [%c] %m %n - -# General Apache libraries -log4j.rootLogger=WARN,SVR diff --git a/authz-service/src/main/config/lrm-authz-service.xml b/authz-service/src/main/config/lrm-authz-service.xml deleted file mode 100644 index ef14fbdf..00000000 --- a/authz-service/src/main/config/lrm-authz-service.xml +++ /dev/null @@ -1,82 +0,0 @@ - - - - - - com.att.authz._ARTIFACT_ID_ - - _MAJOR_VER_ - _MINOR_VER_ - _PATCH_VER_ - - _ROUTE_OFFER_ - - Java - com.att.authz.service.AuthzAPI - - process.workdir - _ROOT_DIR_ - - - jvm.version - 1.8 - - - jvm.args - -DAFT_LATITUDE=_AFT_LATITUDE_ -DAFT_LONGITUDE=_AFT_LONGITUDE_ -DAFT_ENVIRONMENT=_AFT_ENVIRONMENT_ -Dplatform=_SCLD_PLATFORM_ -Dcom.sun.jndi.ldap.connect.pool.maxsize=20 -Dcom.sun.jndi.ldap.connect.pool.prefsize=10 -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 - - - jvm.classpath - _ROOT_DIR_/etc:_ROOT_DIR_/lib/*: - - - jvm.heap.min - 1024m - - - jvm.heap.max - 2048m - - - start.class - com.att.authz.service.AuthAPI - - - stdout.redirect - _ROOT_DIR_/logs/SystemOut.log - - - stderr.redirect - _ROOT_DIR_/logs/SystemErr.log - - aft - AUTO - 2 - _RESOURCE_MIN_COUNT_ - _RESOURCE_MAX_COUNT_ - _RESOURCE_REGISTRATION_ - com.att.authz:_ARTIFACT_ID_ - _ARTIFACT_VERSION_ - - diff --git a/authz-service/src/main/java/org/onap/aaf/authz/cadi/DirectAAFLur.java b/authz-service/src/main/java/org/onap/aaf/authz/cadi/DirectAAFLur.java deleted file mode 100644 index 67dc7540..00000000 --- a/authz-service/src/main/java/org/onap/aaf/authz/cadi/DirectAAFLur.java +++ /dev/null @@ -1,170 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.cadi; - -import static org.onap.aaf.authz.layer.Result.OK; - -import java.security.Principal; -import java.util.List; - -import org.onap.aaf.authz.env.AuthzEnv; -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.aaf.cass.PermDAO; -import org.onap.aaf.dao.aaf.cass.PermDAO.Data; -import org.onap.aaf.dao.aaf.hl.Question; - -import org.onap.aaf.cadi.Lur; -import org.onap.aaf.cadi.Permission; - -public class DirectAAFLur implements Lur { - private final AuthzEnv env; - private final Question question; - - public DirectAAFLur(AuthzEnv env, Question question) { - this.env = env; - this.question = question; - } - - @Override - public boolean fish(Principal bait, Permission pond) { - return fish(env.newTransNoAvg(),bait,pond); - } - - public boolean fish(AuthzTrans trans, Principal bait, Permission pond) { - Result> pdr = question.getPermsByUser(trans, bait.getName(),false); - switch(pdr.status) { - case OK: - for(PermDAO.Data d : pdr.value) { - if(new PermPermission(d).match(pond)) return true; - } - break; - default: - trans.error().log("Can't access Cassandra to fulfill Permission Query: ",pdr.status,"-",pdr.details); - } - return false; - } - - @Override - public void fishAll(Principal bait, List permissions) { - Result> pdr = question.getPermsByUser(env.newTrans(), bait.getName(),false); - switch(pdr.status) { - case OK: - for(PermDAO.Data d : pdr.value) { - permissions.add(new PermPermission(d)); - } - break; - default: - env.error().log("Can't access Cassandra to fulfill Permission Query: ",pdr.status,"-", pdr.details); - } - } - - @Override - public void destroy() { - } - - @Override - public boolean handlesExclusively(Permission pond) { - return false; - } - - /** - * Small Class implementing CADI's Permission with Cassandra Data - * - */ - public static class PermPermission implements Permission { - private PermDAO.Data data; - - public PermPermission(PermDAO.Data d) { - data = d; - } - - public PermPermission(AuthzTrans trans, Question q, String p) { - data = PermDAO.Data.create(trans, q, p); - } - - public PermPermission(String ns, String type, String instance, String action) { - data = new PermDAO.Data(); - data.ns = ns; - data.type = type; - data.instance = instance; - data.action = action; - } - - @Override - public String getKey() { - return data.type; - } - - @Override - public boolean match(Permission p) { - if(p==null)return false; - PermDAO.Data pd; - if(p instanceof DirectAAFLur.PermPermission) { - pd = ((DirectAAFLur.PermPermission)p).data; - if(data.ns.equals(pd.ns)) - if(data.type.equals(pd.type)) - if(data.instance!=null && (data.instance.equals(pd.instance) || "*".equals(data.instance))) - if(data.action!=null && (data.action.equals(pd.action) || "*".equals(data.action))) - return true; - } else{ - String[] lp = p.getKey().split("\\|"); - if(lp.length<3)return false; - if(data.fullType().equals(lp[0])) - if(data.instance!=null && (data.instance.equals(lp[1]) || "*".equals(data.instance))) - if(data.action!=null && (data.action.equals(lp[2]) || "*".equals(data.action))) - return true; - } - return false; - } - - @Override - public String permType() { - return "AAFLUR"; - } - - } - - public String toString() { - return "DirectAAFLur is enabled"; - - } - - @Override - public boolean supports(String userName) { - //TODO - return true; - } - - @Override - public Permission createPerm(String p) { - // TODO Auto-generated method stub - return null; - } - - @Override - public void clear(Principal p, StringBuilder report) { - // TODO Auto-generated method stub - - } -} diff --git a/authz-service/src/main/java/org/onap/aaf/authz/cadi/DirectAAFUserPass.java b/authz-service/src/main/java/org/onap/aaf/authz/cadi/DirectAAFUserPass.java deleted file mode 100644 index 263c94e8..00000000 --- a/authz-service/src/main/java/org/onap/aaf/authz/cadi/DirectAAFUserPass.java +++ /dev/null @@ -1,74 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.cadi; - -import static org.onap.aaf.authz.layer.Result.OK; - -import java.util.Date; - -import org.onap.aaf.authz.env.AuthzEnv; -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.dao.DAOException; -import org.onap.aaf.dao.aaf.hl.Question; - -import org.onap.aaf.cadi.CredVal; - -/** - * DirectAAFUserPass is intended to provide password Validation directly from Cassandra Database, and is only - * intended for use in AAF itself. The normal "AAF Taf" objects are, of course, clients. - * - * - */ -public class DirectAAFUserPass implements CredVal { - private final AuthzEnv env; - private final Question question; - - public DirectAAFUserPass(AuthzEnv env, Question question, String appPass) { - this.env = env; - this.question = question; - } - - @Override - public boolean validate(String user, Type type, byte[] pass) { - try { - AuthzTrans trans = env.newTransNoAvg(); - Result result = question.doesUserCredMatch(trans, user, pass); - trans.logAuditTrail(env.info()); - switch(result.status) { - case OK: - return true; - default: - - env.warn().log(user, "failed Password Validation:",result.errorString()); - } - } catch (DAOException e) { - System.out.println(" exception in DirectAAFUserPass class "); - e.printStackTrace(); - env.error().log(e,"Cannot validate User/Pass from Cassandra"); - } - return false; - } - - -} diff --git a/authz-service/src/main/java/org/onap/aaf/authz/cadi/DirectCertIdentity.java b/authz-service/src/main/java/org/onap/aaf/authz/cadi/DirectCertIdentity.java deleted file mode 100644 index 7df3adc3..00000000 --- a/authz-service/src/main/java/org/onap/aaf/authz/cadi/DirectCertIdentity.java +++ /dev/null @@ -1,79 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.cadi; - -import java.nio.ByteBuffer; -import java.security.Principal; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import java.util.List; - -import javax.servlet.http.HttpServletRequest; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.cssa.rserv.TransFilter; -import org.onap.aaf.dao.aaf.cached.CachedCertDAO; -import org.onap.aaf.dao.aaf.cass.CertDAO.Data; - -import org.onap.aaf.cadi.principal.X509Principal; -import org.onap.aaf.cadi.taf.cert.CertIdentity; -import org.onap.aaf.cadi.taf.cert.X509Taf; - -/** - * Direct view of CertIdentities - * - * Warning: this class is difficult to instantiate. The only service that can use it is AAF itself, and is thus - * entered in the "init" after the CachedCertDAO is created. - * - * - */ -public class DirectCertIdentity implements CertIdentity { - private static CachedCertDAO certDAO; - - @Override - public Principal identity(HttpServletRequest req, X509Certificate cert, byte[] _certBytes) throws CertificateException { - byte[] certBytes = _certBytes; - if(cert==null && certBytes==null) { - return null; - } - if(certBytes==null) { - certBytes = cert.getEncoded(); - } - byte[] fingerprint = X509Taf.getFingerPrint(certBytes); - - AuthzTrans trans = (AuthzTrans) req.getAttribute(TransFilter.TRANS_TAG); - - Result> cresp = certDAO.read(trans, ByteBuffer.wrap(fingerprint)); - if(cresp.isOKhasData()) { - Data cdata = cresp.value.get(0); - return new X509Principal(cdata.id,cert,certBytes); - } - return null; - } - - public static void set(CachedCertDAO ccd) { - certDAO = ccd; - } - -} diff --git a/authz-service/src/main/java/org/onap/aaf/authz/facade/AuthzFacade.java b/authz-service/src/main/java/org/onap/aaf/authz/facade/AuthzFacade.java deleted file mode 100644 index 69df9c6d..00000000 --- a/authz-service/src/main/java/org/onap/aaf/authz/facade/AuthzFacade.java +++ /dev/null @@ -1,263 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.facade; - -import java.util.Date; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.cssa.rserv.RServlet; -import org.onap.aaf.dao.aaf.cass.NsType; - -/** - * AuthzFacade - * This layer is responsible for covering the Incoming Messages, be they XML, JSON or just entries on the URL, - * and converting them to data that can be called on the Service Layer. - * - * Upon response, this layer, because it knew the incoming Data Formats (i.e. XML/JSON), the HTTP call types - * are set on "ContentType" on Response. - * - * Finally, we wrap the call in Time Stamps with explanation of what is happing for Audit trails. - * - * - */ -public interface AuthzFacade { - public static final int PERM_DEPEND_424 = -1000; - public static final int ROLE_DEPEND_424 = -1001; - - /* - * Namespaces - */ - public abstract Result requestNS(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, NsType type); - - public abstract Result getNSsByName(AuthzTrans trans, HttpServletResponse resp, String ns); - - public abstract Result getNSsByAdmin(AuthzTrans trans, HttpServletResponse resp, String user, boolean full); - - public abstract Result getNSsByResponsible(AuthzTrans trans, HttpServletResponse resp, String user, boolean full); - - public abstract Result getNSsByEither(AuthzTrans trans, HttpServletResponse resp, String user, boolean full); - - public abstract Result getNSsChildren(AuthzTrans trans, HttpServletResponse resp, String pathParam); - - public abstract Result addAdminToNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id); - - public abstract Result delAdminFromNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id); - - public abstract Result addResponsibilityForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id); - - public abstract Result delResponsibilityForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id); - - public abstract Result updateNsDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp); - - public abstract Result deleteNS(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, String ns); - - // NS Attribs - public abstract Result createAttribForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String key, String value); - - public abstract Result readNsByAttrib(AuthzTrans trans, HttpServletResponse resp, String key); - - public abstract Result updAttribForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String key, String value); - - public abstract Result delAttribForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String key); - - /* - * Permissions - */ - public abstract Result createPerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp); - - public abstract Result getPermsByName(AuthzTrans trans, HttpServletResponse resp, - String type, String instance, String action); - - public abstract Result getPermsByUser(AuthzTrans trans, HttpServletResponse response, String user); - - public abstract Result getPermsByUserWithAAFQuery(AuthzTrans trans, HttpServletRequest request, HttpServletResponse response, String user); - - public abstract Result getPermsByType(AuthzTrans trans, HttpServletResponse resp, String type); - - public abstract Result getPermsForRole(AuthzTrans trans, HttpServletResponse response, String roleName); - - public abstract Result getPermsByNS(AuthzTrans trans, HttpServletResponse response, String ns); - - public abstract Result renamePerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, - String type, String instance, String action); - - public abstract Result updatePermDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp); - - public abstract Result resetPermRoles(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp); - - public abstract Result deletePerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp); - - public abstract Result deletePerm(AuthzTrans trans, HttpServletResponse resp, - String perm, String type, String action); - - /* - * Roles - */ - public abstract Result createRole(AuthzTrans trans, HttpServletRequest req, HttpServletResponse response); - - public abstract Result getRolesByName(AuthzTrans trans,HttpServletResponse resp, String name); - - public abstract Result getRolesByNS(AuthzTrans trans, HttpServletResponse resp, String ns); - - public abstract Result getRolesByNameOnly(AuthzTrans trans, HttpServletResponse resp, String nameOnly); - - public abstract Result getRolesByUser(AuthzTrans trans, HttpServletResponse resp, String user); - - public abstract Result getRolesByPerm(AuthzTrans trans, HttpServletResponse resp, String type, String instance, String action); - - public abstract Result updateRoleDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp); - - public abstract Result addPermToRole(AuthzTrans trans,HttpServletRequest req, HttpServletResponse resp); - - public abstract Result delPermFromRole(AuthzTrans trans,HttpServletRequest req, HttpServletResponse resp); - - public abstract Result deleteRole(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp); - - public abstract Result deleteRole(AuthzTrans trans, HttpServletResponse resp, String role); - - /* - * Users - */ - - public abstract Result getUsersByRole(AuthzTrans trans, HttpServletResponse resp, String role); - - public abstract Result getUsersByPermission(AuthzTrans trans, HttpServletResponse resp, - String type, String instance, String action); - - - - /* - * Delegates - */ - public abstract Result createDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp); - - public abstract Result updateDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp); - - public abstract Result deleteDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp); - - public abstract Result deleteDelegate(AuthzTrans trans, String user); - - public abstract Result getDelegatesByUser(AuthzTrans trans, String userName, HttpServletResponse resp); - - public abstract Result getDelegatesByDelegate(AuthzTrans trans, String userName, HttpServletResponse resp); - - /* - * Credentials - */ - public abstract Result createUserCred(AuthzTrans trans, HttpServletRequest req); - - public abstract Result changeUserCred(AuthzTrans trans, HttpServletRequest req); - - public abstract Result extendUserCred(AuthzTrans trans, HttpServletRequest req, String days); - - public abstract Result getCredsByNS(AuthzTrans trans, HttpServletResponse resp, String ns); - - public abstract Result getCredsByID(AuthzTrans trans, HttpServletResponse resp, String id); - - public abstract Result deleteUserCred(AuthzTrans trans, HttpServletRequest req); - - public abstract Result validBasicAuth(AuthzTrans trans, HttpServletResponse resp, String basicAuth); - - public abstract Result doesCredentialMatch(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp); - - /* - * Miscellaneous - */ - /** - * Place Standard Messages based on HTTP Code onto Error Data Structure, and write to OutputStream - * Log message - */ - public abstract void error(AuthzTrans trans, HttpServletResponse response, Result result); - - /* - * UserRole - */ - public abstract Result requestUserRole(AuthzTrans trans,HttpServletRequest req, HttpServletResponse resp); - - public abstract Result getUserInRole(AuthzTrans trans, HttpServletResponse resp, String user, String role); - - public abstract Result getUserRolesByRole(AuthzTrans trans, HttpServletResponse resp, String role); - - public abstract Result getUserRolesByUser(AuthzTrans trans, HttpServletResponse resp, String user); - - public abstract Result deleteUserRole(AuthzTrans trans, HttpServletResponse resp, String user, String role); - - public abstract Result resetUsersForRole(AuthzTrans trans, HttpServletResponse resp, HttpServletRequest req); - - public abstract Result resetRolesForUser(AuthzTrans trans, HttpServletResponse resp, HttpServletRequest req); - - public abstract Result extendUserRoleExpiration(AuthzTrans trans, HttpServletResponse resp, String user, - String role); - - /* - * Approval - */ - public abstract Result updateApproval(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp); - - public abstract Result getApprovalsByUser(AuthzTrans trans, HttpServletResponse resp, String user); - - public abstract Result getApprovalsByTicket(AuthzTrans trans, HttpServletResponse resp, String ticket); - - public abstract Result getApprovalsByApprover(AuthzTrans trans, HttpServletResponse resp, String approver); - - - /* - * History - */ - public abstract Result getHistoryByUser(AuthzTrans trans, HttpServletResponse resp, String user, int[] yyyymm, final int sort); - - public abstract Result getHistoryByRole(AuthzTrans trans, HttpServletResponse resp, String subject, int[] yyyymm, final int sort); - - public abstract Result getHistoryByPerm(AuthzTrans trans, HttpServletResponse resp, String subject, int[] yyyymm, final int sort); - - public abstract Result getHistoryByNS(AuthzTrans trans, HttpServletResponse resp, String subject, int[] yyyymm, final int sort); - - /* - * Cache - */ - public abstract Result cacheClear(AuthzTrans trans, String pathParam); - - public abstract Result cacheClear(AuthzTrans trans, String string,String segments); - - public abstract void dbReset(AuthzTrans trans); - - - - /* - * API - */ - public Result getAPI(AuthzTrans trans, HttpServletResponse resp, RServlet rservlet); - - public abstract Result getAPIExample(AuthzTrans trans, HttpServletResponse resp, String typeCode, boolean optional); - - public abstract Result getCertInfoByID(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, String id); - - - - - -} diff --git a/authz-service/src/main/java/org/onap/aaf/authz/facade/AuthzFacadeFactory.java b/authz-service/src/main/java/org/onap/aaf/authz/facade/AuthzFacadeFactory.java deleted file mode 100644 index 8097317c..00000000 --- a/authz-service/src/main/java/org/onap/aaf/authz/facade/AuthzFacadeFactory.java +++ /dev/null @@ -1,57 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.facade; - -import org.onap.aaf.authz.env.AuthzEnv; -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.service.AuthzCassServiceImpl; -import org.onap.aaf.authz.service.mapper.Mapper_2_0; -import org.onap.aaf.dao.aaf.hl.Question; - -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Data; - - -public class AuthzFacadeFactory { - public static AuthzFacade_2_0 v2_0(AuthzEnv env, AuthzTrans trans, Data.TYPE type, Question question) throws APIException { - return new AuthzFacade_2_0(env, - new AuthzCassServiceImpl< - aaf.v2_0.Nss, - aaf.v2_0.Perms, - aaf.v2_0.Pkey, - aaf.v2_0.Roles, - aaf.v2_0.Users, - aaf.v2_0.UserRoles, - aaf.v2_0.Delgs, - aaf.v2_0.Certs, - aaf.v2_0.Keys, - aaf.v2_0.Request, - aaf.v2_0.History, - aaf.v2_0.Error, - aaf.v2_0.Approvals> - (trans,new Mapper_2_0(question),question), - type); - } - - -} diff --git a/authz-service/src/main/java/org/onap/aaf/authz/facade/AuthzFacadeImpl.java b/authz-service/src/main/java/org/onap/aaf/authz/facade/AuthzFacadeImpl.java deleted file mode 100644 index d35a95a1..00000000 --- a/authz-service/src/main/java/org/onap/aaf/authz/facade/AuthzFacadeImpl.java +++ /dev/null @@ -1,2565 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.facade; - -import static org.onap.aaf.authz.layer.Result.ERR_ActionNotCompleted; -import static org.onap.aaf.authz.layer.Result.ERR_Backend; -import static org.onap.aaf.authz.layer.Result.ERR_BadData; -import static org.onap.aaf.authz.layer.Result.ERR_ConflictAlreadyExists; -import static org.onap.aaf.authz.layer.Result.ERR_Denied; -import static org.onap.aaf.authz.layer.Result.ERR_NotFound; -import static org.onap.aaf.authz.layer.Result.ERR_NotImplemented; -import static org.onap.aaf.authz.layer.Result.ERR_Policy; -import static org.onap.aaf.authz.layer.Result.ERR_Security; -import static org.onap.aaf.authz.layer.Result.OK; -import static org.onap.aaf.dao.aaf.cass.Status.ERR_ChoiceNeeded; -import static org.onap.aaf.dao.aaf.cass.Status.ERR_DelegateNotFound; -import static org.onap.aaf.dao.aaf.cass.Status.ERR_DependencyExists; -import static org.onap.aaf.dao.aaf.cass.Status.ERR_FutureNotRequested; -import static org.onap.aaf.dao.aaf.cass.Status.ERR_InvalidDelegate; -import static org.onap.aaf.dao.aaf.cass.Status.ERR_NsNotFound; -import static org.onap.aaf.dao.aaf.cass.Status.ERR_PermissionNotFound; -import static org.onap.aaf.dao.aaf.cass.Status.ERR_RoleNotFound; -import static org.onap.aaf.dao.aaf.cass.Status.ERR_UserNotFound; -import static org.onap.aaf.dao.aaf.cass.Status.ERR_UserRoleNotFound; - -import java.io.IOException; -import java.lang.reflect.Method; -import java.util.Date; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.onap.aaf.authz.env.AuthzEnv; -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.FacadeImpl; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.authz.service.AuthzCassServiceImpl; -import org.onap.aaf.authz.service.AuthzService; -import org.onap.aaf.authz.service.mapper.Mapper; -import org.onap.aaf.authz.service.mapper.Mapper.API; -import org.onap.aaf.cssa.rserv.RServlet; -import org.onap.aaf.cssa.rserv.RouteReport; -import org.onap.aaf.cssa.rserv.doc.ApiDoc; -import org.onap.aaf.dao.aaf.cass.NsType; -import org.onap.aaf.dao.aaf.cass.Status; -import org.onap.aaf.dao.aaf.hl.Question; - -import org.onap.aaf.cadi.aaf.client.Examples; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Data; -import org.onap.aaf.inno.env.Data.TYPE; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.TimeTaken; -import org.onap.aaf.inno.env.util.Chrono; -import org.onap.aaf.rosetta.Marshal; -import org.onap.aaf.rosetta.env.RosettaDF; -import org.onap.aaf.rosetta.env.RosettaData; - -import aaf.v2_0.Api; - -/** - * AuthzFacade - * - * This Service Facade encapsulates the essence of the API Service can do, and provides - * a single created object for elements such as RosettaDF. - * - * The Responsibilities of this class are to: - * 1) Interact with the Service Implementation (which might be supported by various kinds of Backend Storage) - * 2) Validate incoming data (if applicable) - * 3) Convert the Service response into the right Format, and mark the Content Type - * a) In the future, we may support multiple Response Formats, aka JSON or XML, based on User Request. - * 4) Log Service info, warnings and exceptions as necessary - * 5) When asked by the API layer, this will create and write Error content to the OutputStream - * - * Note: This Class does NOT set the HTTP Status Code. That is up to the API layer, so that it can be - * clearly coordinated with the API Documentation - * - * - */ -public abstract class AuthzFacadeImpl extends FacadeImpl implements AuthzFacade - { - private static final String FORBIDDEN = "Forbidden"; - private static final String NOT_FOUND = "Not Found"; - private static final String NOT_ACCEPTABLE = "Not Acceptable"; - private static final String GENERAL_SERVICE_ERROR = "General Service Error"; - private static final String NO_DATA = "***No Data***"; - private AuthzService service = null; - private final RosettaDF nssDF; - private final RosettaDF permsDF; - private final RosettaDF roleDF; - private final RosettaDF usersDF; - private final RosettaDF userrolesDF; - private final RosettaDF certsDF; - private final RosettaDF delgDF; - private final RosettaDF permRequestDF; - private final RosettaDF roleRequestDF; - private final RosettaDF userRoleRequestDF; - private final RosettaDF rolePermRequestDF; - private final RosettaDF nsRequestDF; - private final RosettaDF credRequestDF; - private final RosettaDF delgRequestDF; - private final RosettaDF historyDF; - private final RosettaDF keysDF; - - private final RosettaDF errDF; - private final RosettaDF approvalDF; - // Note: Api is not different per Version - private final RosettaDF apiDF; - - - @SuppressWarnings("unchecked") - public AuthzFacadeImpl(AuthzEnv env, AuthzService service, Data.TYPE dataType) throws APIException { - this.service = service; - (nssDF = env.newDataFactory(service.mapper().getClass(API.NSS))).in(dataType).out(dataType); - (permRequestDF = env.newDataFactory(service.mapper().getClass(API.PERM_REQ))).in(dataType).out(dataType); - (permsDF = env.newDataFactory(service.mapper().getClass(API.PERMS))).in(dataType).out(dataType); -// (permKeyDF = env.newDataFactory(service.mapper().getClass(API.PERM_KEY))).in(dataType).out(dataType); - (roleDF = env.newDataFactory(service.mapper().getClass(API.ROLES))).in(dataType).out(dataType); - (roleRequestDF = env.newDataFactory(service.mapper().getClass(API.ROLE_REQ))).in(dataType).out(dataType); - (usersDF = env.newDataFactory(service.mapper().getClass(API.USERS))).in(dataType).out(dataType); - (userrolesDF = env.newDataFactory(service.mapper().getClass(API.USER_ROLES))).in(dataType).out(dataType); - (certsDF = env.newDataFactory(service.mapper().getClass(API.CERTS))).in(dataType).out(dataType) - .rootMarshal((Marshal) service.mapper().getMarshal(API.CERTS)); - ; - (userRoleRequestDF = env.newDataFactory(service.mapper().getClass(API.USER_ROLE_REQ))).in(dataType).out(dataType); - (rolePermRequestDF = env.newDataFactory(service.mapper().getClass(API.ROLE_PERM_REQ))).in(dataType).out(dataType); - (nsRequestDF = env.newDataFactory(service.mapper().getClass(API.NS_REQ))).in(dataType).out(dataType); - (credRequestDF = env.newDataFactory(service.mapper().getClass(API.CRED_REQ))).in(dataType).out(dataType); - (delgRequestDF = env.newDataFactory(service.mapper().getClass(API.DELG_REQ))).in(dataType).out(dataType); - (historyDF = env.newDataFactory(service.mapper().getClass(API.HISTORY))).in(dataType).out(dataType); - ( keysDF = env.newDataFactory(service.mapper().getClass(API.KEYS))).in(dataType).out(dataType); - (delgDF = env.newDataFactory(service.mapper().getClass(API.DELGS))).in(dataType).out(dataType); - (approvalDF = env.newDataFactory(service.mapper().getClass(API.APPROVALS))).in(dataType).out(dataType); - (errDF = env.newDataFactory(service.mapper().getClass(API.ERROR))).in(dataType).out(dataType); - (apiDF = env.newDataFactory(Api.class)).in(dataType).out(dataType); - } - - public Mapper mapper() { - return service.mapper(); - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#error(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, int) - * - * Note: Conforms to AT&T TSS RESTful Error Structure - */ - @Override - public void error(AuthzTrans trans, HttpServletResponse response, Result result) { - String msg = result.details==null?"%s":"%s - " + result.details.trim(); - String msgId; - String[] detail; - if(result.variables==null) { - detail = new String[1]; - } else { - int l = result.variables.length; - detail=new String[l+1]; - System.arraycopy(result.variables, 0, detail, 1, l); - } - //int httpstatus; - - switch(result.status) { - case ERR_ActionNotCompleted: - msgId = "SVC1202"; - detail[0] = "Accepted, Action not complete"; - response.setStatus(/*httpstatus=*/202); - break; - - case ERR_Policy: - msgId = "SVC3403"; - detail[0] = FORBIDDEN; - response.setStatus(/*httpstatus=*/403); - break; - case ERR_Security: - msgId = "SVC2403"; - detail[0] = FORBIDDEN; - response.setStatus(/*httpstatus=*/403); - break; - case ERR_Denied: - msgId = "SVC1403"; - detail[0] = FORBIDDEN; - response.setStatus(/*httpstatus=*/403); - break; - // This is still forbidden to directly impact, but can be Requested when passed - // with "request=true" query Param - case ERR_FutureNotRequested: - msgId = "SVC2403"; - detail[0] = msg; - response.setStatus(/*httpstatus=*/403); - break; - - case ERR_NsNotFound: - msgId = "SVC2404"; - detail[0] = NOT_FOUND; - response.setStatus(/*httpstatus=*/404); - break; - case ERR_RoleNotFound: - msgId = "SVC3404"; - detail[0] = NOT_FOUND; - response.setStatus(/*httpstatus=*/404); - break; - case ERR_PermissionNotFound: - msgId = "SVC4404"; - detail[0] = NOT_FOUND; - response.setStatus(/*httpstatus=*/404); - break; - case ERR_UserNotFound: - msgId = "SVC5404"; - detail[0] = NOT_FOUND; - response.setStatus(/*httpstatus=*/404); - break; - case ERR_UserRoleNotFound: - msgId = "SVC6404"; - detail[0] = NOT_FOUND; - response.setStatus(/*httpstatus=*/404); - break; - case ERR_DelegateNotFound: - msgId = "SVC7404"; - detail[0] = NOT_FOUND; - response.setStatus(/*httpstatus=*/404); - break; - case ERR_NotFound: - msgId = "SVC1404"; - detail[0] = NOT_FOUND; - response.setStatus(/*httpstatus=*/404); - break; - - case ERR_InvalidDelegate: - msgId="SVC2406"; - detail[0] = NOT_ACCEPTABLE; - response.setStatus(/*httpstatus=*/406); - break; - case ERR_BadData: - msgId="SVC1406"; - detail[0] = NOT_ACCEPTABLE; - response.setStatus(/*httpstatus=*/406); - break; - - case ERR_ConflictAlreadyExists: - msgId = "SVC1409"; - detail[0] = "Conflict Already Exists"; - response.setStatus(/*httpstatus=*/409); - break; - - case ERR_DependencyExists: - msgId = "SVC1424"; - detail[0] = "Failed Dependency"; - response.setStatus(/*httpstatus=*/424); - break; - - case ERR_NotImplemented: - msgId = "SVC1501"; - detail[0] = "Not Implemented"; - response.setStatus(/*httpstatus=*/501); - break; - - case Status.ACC_Future: - msgId = "SVC1202"; - detail[0] = "Accepted for Future, pending Approvals"; - response.setStatus(/*httpstatus=*/202); - break; - case ERR_ChoiceNeeded: - msgId = "SVC1300"; - detail = result.variables; - response.setStatus(/*httpstatus=*/300); - break; - case ERR_Backend: - msgId = "SVC2500"; - detail[0] = GENERAL_SERVICE_ERROR; - response.setStatus(/*httpstatus=*/500); - break; - - default: - msgId = "SVC1500"; - detail[0] = GENERAL_SERVICE_ERROR; - response.setStatus(/*httpstatus=*/500); - break; - } - - try { - StringBuilder holder = new StringBuilder(); - errDF.newData(trans).load( - service.mapper() - .errorFromMessage(holder,msgId,msg,detail)) - .to(response.getOutputStream()); - trans.checkpoint( - holder.toString(), -// String.format("ErrResp [" + msgId + "] " + msg,(Object[])detail), - Env.ALWAYS); - } catch (Exception e) { - trans.error().log(e,"unable to send response for",msg); - } - } - - /////////////////////////// - // Namespace - /////////////////////////// - public static final String CREATE_NS = "createNamespace"; - public static final String ADD_NS_ADMIN = "addNamespaceAdmin"; - public static final String DELETE_NS_ADMIN = "delNamespaceAdmin"; - public static final String ADD_NS_RESPONSIBLE = "addNamespaceResponsible"; - public static final String DELETE_NS_RESPONSIBLE = "delNamespaceResponsible"; - public static final String GET_NS_BY_NAME = "getNamespaceByName"; - public static final String GET_NS_BY_ADMIN = "getNamespaceByAdmin"; - public static final String GET_NS_BY_RESPONSIBLE = "getNamespaceByResponsible"; - public static final String GET_NS_BY_EITHER = "getNamespaceByEither"; - public static final String GET_NS_CHILDREN = "getNamespaceChildren"; - public static final String UPDATE_NS_DESC = "updateNamespaceDescription"; - public static final String DELETE_NS = "deleteNamespace"; - - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#createNS(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ - @Override - public Result requestNS(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, NsType type) { - TimeTaken tt = trans.start(CREATE_NS, Env.SUB|Env.ALWAYS); - try { - REQUEST request; - try { - Data rd = nsRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,rd.asString()); - } - request = rd.asObject(); - } catch(APIException e) { - trans.error().log("Invalid Input",IN,CREATE_NS); - return Result.err(Status.ERR_BadData,"Invalid Input"); - } - - Result rp = service.createNS(trans,request,type); - switch(rp.status) { - case OK: - setContentType(resp,nsRequestDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,CREATE_NS); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#addAdminToNS(org.onap.aaf.authz.env.AuthzTrans, java.lang.String, java.lang.String) - */ - @Override - public Result addAdminToNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id) { - TimeTaken tt = trans.start(ADD_NS_ADMIN + ' ' + ns + ' ' + id, Env.SUB|Env.ALWAYS); - try { - Result rp = service.addAdminNS(trans,ns,id); - switch(rp.status) { - case OK: - //TODO Perms?? - setContentType(resp,nsRequestDF.getOutType()); - resp.getOutputStream().println(); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,ADD_NS_ADMIN); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#delAdminFromNS(org.onap.aaf.authz.env.AuthzTrans, java.lang.String, java.lang.String) - */ - @Override - public Result delAdminFromNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id) { - TimeTaken tt = trans.start(DELETE_NS_ADMIN + ' ' + ns + ' ' + id, Env.SUB|Env.ALWAYS); - try { - Result rp = service.delAdminNS(trans, ns, id); - switch(rp.status) { - case OK: - setContentType(resp,nsRequestDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,DELETE_NS_ADMIN); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#addAdminToNS(org.onap.aaf.authz.env.AuthzTrans, java.lang.String, java.lang.String) - */ - @Override - public Result addResponsibilityForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id) { - TimeTaken tt = trans.start(ADD_NS_RESPONSIBLE + ' ' + ns + ' ' + id, Env.SUB|Env.ALWAYS); - try { - Result rp = service.addResponsibleNS(trans,ns,id); - switch(rp.status) { - case OK: - setContentType(resp,nsRequestDF.getOutType()); - resp.getOutputStream().println(); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,ADD_NS_RESPONSIBLE); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#delAdminFromNS(org.onap.aaf.authz.env.AuthzTrans, java.lang.String, java.lang.String) - */ - @Override - public Result delResponsibilityForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id) { - TimeTaken tt = trans.start(DELETE_NS_RESPONSIBLE + ' ' + ns + ' ' + id, Env.SUB|Env.ALWAYS); - try { - Result rp = service.delResponsibleNS(trans, ns, id); - switch(rp.status) { - case OK: - setContentType(resp,nsRequestDF.getOutType()); - resp.getOutputStream().println(); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,DELETE_NS_RESPONSIBLE); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getNSsByName(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result getNSsByName(AuthzTrans trans, HttpServletResponse resp, String ns) { - TimeTaken tt = trans.start(GET_NS_BY_NAME + ' ' + ns, Env.SUB|Env.ALWAYS); - try { - Result rp = service.getNSbyName(trans, ns); - switch(rp.status) { - case OK: - RosettaData data = nssDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - setContentType(resp,nssDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_NS_BY_NAME); - return Result.err(e); - } finally { - tt.done(); - } - } - -// TODO: uncomment when on cassandra 2.1.2 for MyNamespace GUI page - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getNSsByAdmin(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result getNSsByAdmin(AuthzTrans trans, HttpServletResponse resp, String user, boolean full){ - TimeTaken tt = trans.start(GET_NS_BY_ADMIN + ' ' + user, Env.SUB|Env.ALWAYS); - try { - Result rp = service.getNSbyAdmin(trans, user, full); - switch(rp.status) { - case OK: - RosettaData data = nssDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - setContentType(resp,nssDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_NS_BY_ADMIN); - return Result.err(e); - } finally { - tt.done(); - } - } - -// TODO: uncomment when on cassandra 2.1.2 for MyNamespace GUI page - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getNSsByResponsible(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result getNSsByResponsible(AuthzTrans trans, HttpServletResponse resp, String user, boolean full){ - TimeTaken tt = trans.start(GET_NS_BY_RESPONSIBLE + ' ' + user, Env.SUB|Env.ALWAYS); - try { - Result rp = service.getNSbyResponsible(trans, user, full); - switch(rp.status) { - case OK: - RosettaData data = nssDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - - setContentType(resp,nssDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_NS_BY_RESPONSIBLE); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getNSsByResponsible(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result getNSsByEither(AuthzTrans trans, HttpServletResponse resp, String user, boolean full){ - TimeTaken tt = trans.start(GET_NS_BY_EITHER + ' ' + user, Env.SUB|Env.ALWAYS); - try { - Result rp = service.getNSbyEither(trans, user, full); - - switch(rp.status) { - case OK: - RosettaData data = nssDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - - setContentType(resp,nssDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_NS_BY_EITHER); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getNSsByResponsible(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result getNSsChildren(AuthzTrans trans, HttpServletResponse resp, String parent){ - TimeTaken tt = trans.start(GET_NS_CHILDREN + ' ' + parent, Env.SUB|Env.ALWAYS); - try { - Result rp = service.getNSsChildren(trans, parent); - switch(rp.status) { - case OK: - RosettaData data = nssDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - setContentType(resp,nssDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_NS_CHILDREN); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result updateNsDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { - TimeTaken tt = trans.start(UPDATE_NS_DESC, Env.SUB|Env.ALWAYS); - try { - REQUEST rreq; - try { - RosettaData data = nsRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - rreq = data.asObject(); - } catch(APIException e) { - trans.error().log("Invalid Input",IN,UPDATE_NS_DESC); - return Result.err(Status.ERR_BadData,"Invalid Input"); - - } - Result rp = service.updateNsDescription(trans, rreq); - switch(rp.status) { - case OK: - setContentType(resp,nsRequestDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,UPDATE_NS_DESC); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* - * (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#requestNS(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ - @Override - public Result deleteNS(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, String ns) { - TimeTaken tt = trans.start(DELETE_NS + ' ' + ns, Env.SUB|Env.ALWAYS); - try { - Result rp = service.deleteNS(trans,ns); - switch(rp.status) { - case OK: - setContentType(resp,nsRequestDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,DELETE_NS); - return Result.err(e); - } finally { - tt.done(); - } - } - - private final static String NS_CREATE_ATTRIB = "nsCreateAttrib"; - private final static String NS_UPDATE_ATTRIB = "nsUpdateAttrib"; - private final static String READ_NS_BY_ATTRIB = "readNsByAttrib"; - private final static String NS_DELETE_ATTRIB = "nsDeleteAttrib"; - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#createAttribForNS(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String, java.lang.String, java.lang.String) - */ - @Override - public Result createAttribForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String key, String value) { - TimeTaken tt = trans.start(NS_CREATE_ATTRIB + ' ' + ns + ':'+key+':'+value, Env.SUB|Env.ALWAYS); - try { - Result rp = service.createNsAttrib(trans,ns,key,value); - switch(rp.status) { - case OK: - setContentType(resp, keysDF.getOutType()); - resp.getOutputStream().println(); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,NS_CREATE_ATTRIB); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#readAttribForNS(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result readNsByAttrib(AuthzTrans trans, HttpServletResponse resp, String key) { - TimeTaken tt = trans.start(READ_NS_BY_ATTRIB + ' ' + key, Env.SUB|Env.ALWAYS); - try { - Result rp = service.readNsByAttrib(trans, key); - switch(rp.status) { - case OK: - RosettaData data = keysDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - setContentType(resp,keysDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,READ_NS_BY_ATTRIB); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#updAttribForNS(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String, java.lang.String, java.lang.String) - */ - @Override - public Result updAttribForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String key, String value) { - TimeTaken tt = trans.start(NS_UPDATE_ATTRIB + ' ' + ns + ':'+key+':'+value, Env.SUB|Env.ALWAYS); - try { - Result rp = service.updateNsAttrib(trans,ns,key,value); - switch(rp.status) { - case OK: - setContentType(resp, keysDF.getOutType()); - resp.getOutputStream().println(); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,NS_UPDATE_ATTRIB); - return Result.err(e); - } finally { - tt.done(); - } - - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#delAttribForNS(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String, java.lang.String) - */ - @Override - public Result delAttribForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String key) { - TimeTaken tt = trans.start(NS_DELETE_ATTRIB + ' ' + ns + ':'+key, Env.SUB|Env.ALWAYS); - try { - Result rp = service.deleteNsAttrib(trans,ns,key); - switch(rp.status) { - case OK: - setContentType(resp, keysDF.getOutType()); - resp.getOutputStream().println(); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,NS_DELETE_ATTRIB); - return Result.err(e); - } finally { - tt.done(); - } - } - -// -// PERMISSION -// - public static final String CREATE_PERMISSION = "createPermission"; - public static final String GET_PERMS_BY_TYPE = "getPermsByType"; - public static final String GET_PERMS_BY_NAME = "getPermsByName"; - public static final String GET_PERMISSIONS_BY_USER = "getPermissionsByUser"; - public static final String GET_PERMISSIONS_BY_USER_WITH_QUERY = "getPermissionsByUserWithQuery"; - public static final String GET_PERMISSIONS_BY_ROLE = "getPermissionsByRole"; - public static final String GET_PERMISSIONS_BY_NS = "getPermissionsByNS"; - public static final String UPDATE_PERMISSION = "updatePermission"; - public static final String UPDATE_PERM_DESC = "updatePermissionDescription"; - public static final String SET_PERMISSION_ROLES_TO = "setPermissionRolesTo"; - public static final String DELETE_PERMISSION = "deletePermission"; - - /* - * (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#createOrUpdatePerm(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, boolean, java.lang.String, java.lang.String, java.lang.String) - */ - @Override - public Result createPerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { - TimeTaken tt = trans.start( CREATE_PERMISSION, Env.SUB|Env.ALWAYS); - try { - REQUEST rreq; - try { - RosettaData data = permRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - rreq = data.asObject(); - } catch(APIException e) { - trans.error().log("Invalid Input",IN,CREATE_PERMISSION); - return Result.err(Status.ERR_BadData,"Invalid Input"); - } - - Result rp = service.createPerm(trans,rreq); - switch(rp.status) { - case OK: - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,CREATE_PERMISSION); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getChildPerms(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result getPermsByType(AuthzTrans trans, HttpServletResponse resp, String perm) { - TimeTaken tt = trans.start(GET_PERMS_BY_TYPE + ' ' + perm, Env.SUB|Env.ALWAYS); - try { - - Result rp = service.getPermsByType(trans, perm); - switch(rp.status) { - case OK: - RosettaData data = permsDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_PERMS_BY_TYPE); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result getPermsByName(AuthzTrans trans, HttpServletResponse resp, - String type, String instance, String action) { - - TimeTaken tt = trans.start(GET_PERMS_BY_NAME + ' ' + type - + '|' + instance + '|' + action, Env.SUB|Env.ALWAYS); - try { - - Result rp = service.getPermsByName(trans, type, instance, action); - switch(rp.status) { - case OK: - RosettaData data = permsDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_PERMS_BY_TYPE); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getPermissionByUser(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result getPermsByUser(AuthzTrans trans, HttpServletResponse resp, String user) { - TimeTaken tt = trans.start(GET_PERMISSIONS_BY_USER + ' ' + user, Env.SUB|Env.ALWAYS); - try { - Result rp = service.getPermsByUser(trans, user); - switch(rp.status) { - case OK: - RosettaData data = permsDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_PERMISSIONS_BY_USER, user); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getPermissionByUser(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result getPermsByUserWithAAFQuery(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, String user) { - TimeTaken tt = trans.start(GET_PERMISSIONS_BY_USER_WITH_QUERY + ' ' + user, Env.SUB|Env.ALWAYS); - try { - PERMS perms; - try { - RosettaData data = permsDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - perms = data.asObject(); - } catch(APIException e) { - trans.error().log("Invalid Input",IN,CREATE_PERMISSION); - return Result.err(Status.ERR_BadData,"Invalid Input"); - } - - Result rp = service.getPermsByUser(trans, perms, user); - switch(rp.status) { - case OK: - RosettaData data = permsDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_PERMISSIONS_BY_USER_WITH_QUERY , user); - return Result.err(e); - } finally { - tt.done(); - } - } - - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getPermissionsForRole(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result getPermsForRole(AuthzTrans trans, HttpServletResponse resp, String roleName) { - TimeTaken tt = trans.start(GET_PERMISSIONS_BY_ROLE + ' ' + roleName, Env.SUB|Env.ALWAYS); - try { - Result rp = service.getPermsByRole(trans, roleName); - switch(rp.status) { - case OK: - RosettaData data = permsDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_PERMISSIONS_BY_ROLE); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result getPermsByNS(AuthzTrans trans,HttpServletResponse resp,String ns) { - TimeTaken tt = trans.start(GET_PERMISSIONS_BY_NS + ' ' + ns, Env.SUB|Env.ALWAYS); - try { - Result rp = service.getPermsByNS(trans, ns); - switch(rp.status) { - case OK: - RosettaData data = permsDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_PERMISSIONS_BY_NS); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* - * (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#createOrUpdatePerm(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, boolean, java.lang.String, java.lang.String, java.lang.String) - */ - @Override - public Result renamePerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, - String origType, String origInstance, String origAction) { - String cmdDescription = UPDATE_PERMISSION; - TimeTaken tt = trans.start( cmdDescription + ' ' + origType + ' ' + origInstance + ' ' + origAction, Env.SUB|Env.ALWAYS); - try { - REQUEST rreq; - try { - RosettaData data = permRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - rreq = data.asObject(); - } catch(APIException e) { - trans.error().log("Invalid Input",IN,cmdDescription); - return Result.err(Status.ERR_BadData,"Invalid Input"); - } - - Result rp = service.renamePerm(trans,rreq, origType, origInstance, origAction); - switch(rp.status) { - case OK: - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,cmdDescription); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result updatePermDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { - TimeTaken tt = trans.start(UPDATE_PERM_DESC, Env.SUB|Env.ALWAYS); - try { - REQUEST rreq; - try { - RosettaData data = permRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - rreq = data.asObject(); - } catch(APIException e) { - trans.error().log("Invalid Input",IN,UPDATE_PERM_DESC); - return Result.err(Status.ERR_BadData,"Invalid Input"); - - } - Result rp = service.updatePermDescription(trans, rreq); - switch(rp.status) { - case OK: - setContentType(resp,permRequestDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,UPDATE_PERM_DESC); - return Result.err(e); - } finally { - tt.done(); - } - } - - - @Override - public Result resetPermRoles(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { - TimeTaken tt = trans.start(SET_PERMISSION_ROLES_TO, Env.SUB|Env.ALWAYS); - try { - REQUEST rreq; - try { - RosettaData data = rolePermRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - rreq = data.asObject(); - } catch(APIException e) { - trans.error().log("Invalid Input",IN, SET_PERMISSION_ROLES_TO); - return Result.err(Status.ERR_BadData,"Invalid Input"); - } - - Result rp = service.resetPermRoles(trans, rreq); - - switch(rp.status) { - case OK: - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,SET_PERMISSION_ROLES_TO); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result deletePerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { - TimeTaken tt = trans.start(DELETE_PERMISSION, Env.SUB|Env.ALWAYS); - try { - REQUEST rreq; - try { - RosettaData data = permRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - rreq = data.asObject(); - } catch(APIException e) { - trans.error().log("Invalid Input",IN,DELETE_PERMISSION); - return Result.err(Status.ERR_BadData,"Invalid Input"); - - } - - Result rp = service.deletePerm(trans,rreq); - switch(rp.status) { - case OK: - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,DELETE_PERMISSION); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result deletePerm(AuthzTrans trans, HttpServletResponse resp, String type, String instance, String action) { - TimeTaken tt = trans.start(DELETE_PERMISSION + type + ' ' + instance + ' ' + action, Env.SUB|Env.ALWAYS); - try { - Result rp = service.deletePerm(trans,type,instance,action); - switch(rp.status) { - case OK: - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,DELETE_PERMISSION); - return Result.err(e); - } finally { - tt.done(); - } - } - - public static final String CREATE_ROLE = "createRole"; - public static final String GET_ROLES_BY_USER = "getRolesByUser"; - public static final String GET_ROLES_BY_NS = "getRolesByNS"; - public static final String GET_ROLES_BY_NAME_ONLY = "getRolesByNameOnly"; - public static final String GET_ROLES_BY_NAME = "getRolesByName"; - public static final String GET_ROLES_BY_PERM = "getRolesByPerm"; - public static final String UPDATE_ROLE_DESC = "updateRoleDescription"; - public static final String ADD_PERM_TO_ROLE = "addPermissionToRole"; - public static final String DELETE_PERM_FROM_ROLE = "deletePermissionFromRole"; - public static final String UPDATE_MGTPERM_ROLE = "updateMgtPermRole"; - public static final String DELETE_ROLE = "deleteRole"; - public static final String GET_CERT_BY_ID = "getCertByID"; - - @Override - public Result createRole(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { - TimeTaken tt = trans.start(CREATE_ROLE, Env.SUB|Env.ALWAYS); - try { - REQUEST rreq; - try { - RosettaData data = roleRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - rreq = data.asObject(); - } catch(APIException e) { - trans.error().log("Invalid Input",IN,CREATE_ROLE); - return Result.err(Status.ERR_BadData,"Invalid Input"); - - } - Result rp = service.createRole(trans, rreq); - switch(rp.status) { - case OK: - setContentType(resp,roleRequestDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,CREATE_ROLE); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getRolesByName(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result getRolesByName(AuthzTrans trans, HttpServletResponse resp, String role) { - TimeTaken tt = trans.start(GET_ROLES_BY_NAME + ' ' + role, Env.SUB|Env.ALWAYS); - try { - Result rp = service.getRolesByName(trans, role); - switch(rp.status) { - case OK: - RosettaData data = roleDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - setContentType(resp,roleDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_ROLES_BY_NAME); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getRolesByUser(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result getRolesByUser(AuthzTrans trans,HttpServletResponse resp, String user) { - TimeTaken tt = trans.start(GET_ROLES_BY_USER + ' ' + user, Env.SUB|Env.ALWAYS); - try { - Result rp = service.getRolesByUser(trans, user); - switch(rp.status) { - case OK: - RosettaData data = roleDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - setContentType(resp,roleDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_ROLES_BY_USER, user); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getRolesByUser(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result getRolesByNS(AuthzTrans trans,HttpServletResponse resp, String ns) { - TimeTaken tt = trans.start(GET_ROLES_BY_NS + ' ' + ns, Env.SUB|Env.ALWAYS); - try { - Result rp = service.getRolesByNS(trans, ns); - switch(rp.status) { - case OK: - if(!rp.isEmpty()) { - RosettaData data = roleDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - } else { - Question.logEncryptTrace(trans, NO_DATA); - } - setContentType(resp,roleDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_ROLES_BY_NS); - return Result.err(e); - } finally { - tt.done(); - } - } - - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getRolesByNameOnly(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result getRolesByNameOnly(AuthzTrans trans,HttpServletResponse resp, String nameOnly) { - TimeTaken tt = trans.start(GET_ROLES_BY_NAME_ONLY + ' ' + nameOnly, Env.SUB|Env.ALWAYS); - try { - Result rp = service.getRolesByNameOnly(trans, nameOnly); - switch(rp.status) { - case OK: - if(!rp.isEmpty()) { - RosettaData data = roleDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - } else { - Question.logEncryptTrace(trans, NO_DATA); - } - setContentType(resp,roleDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_ROLES_BY_NAME_ONLY); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getRolesByUser(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result getRolesByPerm(AuthzTrans trans,HttpServletResponse resp, String type, String instance, String action) { - TimeTaken tt = trans.start(GET_ROLES_BY_PERM + type +' '+instance+' '+action, Env.SUB|Env.ALWAYS); - try { - Result rp = service.getRolesByPerm(trans, type,instance,action); - switch(rp.status) { - case OK: - RosettaData data = roleDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - setContentType(resp,roleDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_ROLES_BY_PERM); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* - * (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#updateDescription(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ - @Override - public Result updateRoleDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { - TimeTaken tt = trans.start(UPDATE_ROLE_DESC, Env.SUB|Env.ALWAYS); - try { - REQUEST rreq; - try { - RosettaData data = roleRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - rreq = data.asObject(); - } catch(APIException e) { - trans.error().log("Invalid Input",IN,UPDATE_ROLE_DESC); - return Result.err(Status.ERR_BadData,"Invalid Input"); - - } - Result rp = service.updateRoleDescription(trans, rreq); - switch(rp.status) { - case OK: - setContentType(resp,roleRequestDF.getOutType()); - return Result.ok(); - default: - return rp; - } - } catch (Exception e) { - trans.error().log(e,IN,UPDATE_ROLE_DESC); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result addPermToRole(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { - TimeTaken tt = trans.start(ADD_PERM_TO_ROLE, Env.SUB|Env.ALWAYS); - try { - REQUEST rreq; - try { - RosettaData data = rolePermRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - rreq = data.asObject(); - } catch(APIException e) { - trans.error().log("Invalid Input",IN,ADD_PERM_TO_ROLE); - return Result.err(Status.ERR_BadData,"Invalid Input"); - - } - Result rp = service.addPermToRole(trans, rreq); - switch(rp.status) { - case OK: - setContentType(resp,permsDF.getOutType()); - resp.getOutputStream().println(); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,ADD_PERM_TO_ROLE); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result delPermFromRole(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { - TimeTaken tt = trans.start(DELETE_PERM_FROM_ROLE, Env.SUB|Env.ALWAYS); - try { - REQUEST rreq; - try { - RosettaData data = rolePermRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - rreq = data.asObject(); - } catch(APIException e) { - trans.error().log("Invalid Input",IN,DELETE_PERM_FROM_ROLE); - return Result.err(Status.ERR_BadData,"Invalid Input"); - - } - Result rp = service.delPermFromRole(trans, rreq); - switch(rp.status) { - case OK: - setContentType(resp,permsDF.getOutType()); - resp.getOutputStream().println(); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,DELETE_PERM_FROM_ROLE); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result deleteRole(AuthzTrans trans, HttpServletResponse resp, String role) { - TimeTaken tt = trans.start(DELETE_ROLE + ' ' + role, Env.SUB|Env.ALWAYS); - try { - Result rp = service.deleteRole(trans, role); - switch(rp.status) { - case OK: - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,DELETE_ROLE); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result deleteRole(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { - TimeTaken tt = trans.start(DELETE_ROLE, Env.SUB|Env.ALWAYS); - try { - REQUEST rreq; - try { - RosettaData data = roleRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - rreq = data.asObject(); - } catch(APIException e) { - trans.error().log("Invalid Input",IN,CREATE_ROLE); - return Result.err(Status.ERR_BadData,"Invalid Input"); - } - - Result rp = service.deleteRole(trans, rreq); - switch(rp.status) { - case OK: - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,DELETE_ROLE); - return Result.err(e); - } finally { - tt.done(); - } - } - - public static final String CREATE_CRED = "createUserCred"; - private static final String GET_CREDS_BY_NS = "getCredsByNS"; - private static final String GET_CREDS_BY_ID = "getCredsByID"; - public static final String UPDATE_CRED = "updateUserCred"; - public static final String EXTEND_CRED = "extendUserCred"; - public static final String DELETE_CRED = "deleteUserCred"; - public static final String DOES_CRED_MATCH = "doesCredMatch"; - public static final String VALIDATE_BASIC_AUTH = "validateBasicAuth"; - - - - @Override - /** - * Create Credential - * - */ - public Result createUserCred(AuthzTrans trans, HttpServletRequest req) { - TimeTaken tt = trans.start(CREATE_CRED, Env.SUB|Env.ALWAYS); - try { - RosettaData data = credRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - return service.createUserCred(trans, data.asObject()); - } catch(APIException e) { - trans.error().log(e,"Bad Input data"); - return Result.err(Status.ERR_BadData, e.getLocalizedMessage()); - } catch (Exception e) { - trans.error().log(e,IN,CREATE_CRED); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result changeUserCred(AuthzTrans trans, HttpServletRequest req) { - TimeTaken tt = trans.start(UPDATE_CRED, Env.SUB|Env.ALWAYS); - try { - RosettaData data = credRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - return service.changeUserCred(trans, data.asObject()); - } catch(APIException e) { - trans.error().log(e,"Bad Input data"); - return Result.err(Status.ERR_BadData, e.getLocalizedMessage()); - } catch (Exception e) { - trans.error().log(e,IN,UPDATE_CRED); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#extendUserCred(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletRequest, int) - */ - @Override - public Result extendUserCred(AuthzTrans trans, HttpServletRequest req, String days) { - TimeTaken tt = trans.start(EXTEND_CRED, Env.SUB|Env.ALWAYS); - try { - RosettaData data = credRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - return service.extendUserCred(trans, data.asObject(), days); - } catch(APIException e) { - trans.error().log(e,"Bad Input data"); - return Result.err(Status.ERR_BadData, e.getLocalizedMessage()); - } catch (Exception e) { - trans.error().log(e,IN,EXTEND_CRED); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result getCredsByNS(AuthzTrans trans, HttpServletResponse resp, String ns) { - TimeTaken tt = trans.start(GET_CREDS_BY_NS + ' ' + ns, Env.SUB|Env.ALWAYS); - - try { - Result ru = service.getCredsByNS(trans,ns); - switch(ru.status) { - case OK: - RosettaData data = usersDF.newData(trans).load(ru.value); - if(Question.willSpecialLog(trans,trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - setContentType(resp,usersDF.getOutType()); - return Result.ok(); - default: - return Result.err(ru); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_CREDS_BY_NS); - return Result.err(e); - } finally { - tt.done(); - } - - } - - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getCredsByID(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result getCredsByID(AuthzTrans trans, HttpServletResponse resp, String id) { - TimeTaken tt = trans.start(GET_CREDS_BY_ID + ' ' + id, Env.SUB|Env.ALWAYS); - - try { - Result ru = service.getCredsByID(trans,id); - switch(ru.status) { - case OK: - RosettaData data = usersDF.newData(trans).load(ru.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - setContentType(resp,usersDF.getOutType()); - return Result.ok(); - default: - return Result.err(ru); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_CREDS_BY_ID); - return Result.err(e); - } finally { - tt.done(); - } - - } - - @Override - public Result deleteUserCred(AuthzTrans trans, HttpServletRequest req) { - TimeTaken tt = trans.start(DELETE_CRED, Env.SUB|Env.ALWAYS); - try { - RosettaData data = credRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - return service.deleteUserCred(trans, data.asObject()); - } catch(APIException e) { - trans.error().log(e,"Bad Input data"); - return Result.err(Status.ERR_BadData, e.getLocalizedMessage()); - } catch (Exception e) { - trans.error().log(e,IN,DELETE_CRED); - return Result.err(e); - } finally { - tt.done(); - } - } - - - @Override - public Result doesCredentialMatch(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { - TimeTaken tt = trans.start(DOES_CRED_MATCH, Env.SUB|Env.ALWAYS); - try { - RosettaData data = credRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - return service.doesCredentialMatch(trans, data.asObject()); - } catch(APIException e) { - trans.error().log(e,"Bad Input data"); - return Result.err(Status.ERR_BadData, e.getLocalizedMessage()); - } catch (IOException e) { - trans.error().log(e,IN,DOES_CRED_MATCH); - return Result.err(e); - } finally { - tt.done(); - } - } - - - @Override - public Result validBasicAuth(AuthzTrans trans, HttpServletResponse resp, String basicAuth) { - TimeTaken tt = trans.start(VALIDATE_BASIC_AUTH, Env.SUB|Env.ALWAYS); - try { - Result result = service.validateBasicAuth(trans,basicAuth); - switch(result.status){ - case OK: - resp.getOutputStream().write(Chrono.utcStamp(result.value).getBytes()); - return Result.ok(); - } - return Result.err(result); - } catch (Exception e) { - trans.error().log(e,IN,VALIDATE_BASIC_AUTH); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getCertInfoByID(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result getCertInfoByID(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, String id) { - TimeTaken tt = trans.start(GET_CERT_BY_ID, Env.SUB|Env.ALWAYS); - try { - Result rci = service.getCertInfoByID(trans,req,id); - - switch(rci.status) { - case OK: - if(Question.willSpecialLog(trans, trans.user())) { - RosettaData data = certsDF.newData(trans).load(rci.value); - Question.logEncryptTrace(trans,data.asString()); - data.to(resp.getOutputStream()); - } else { - certsDF.direct(trans, rci.value, resp.getOutputStream()); - } - setContentType(resp,certsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rci); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_CERT_BY_ID); - return Result.err(e); - } finally { - tt.done(); - } - } - - public static final String CREATE_DELEGATE = "createDelegate"; - public static final String UPDATE_DELEGATE = "updateDelegate"; - public static final String DELETE_DELEGATE = "deleteDelegate"; - public static final String GET_DELEGATE_USER = "getDelegatesByUser"; - public static final String GET_DELEGATE_DELG = "getDelegatesByDelegate"; - - @Override - public Result createDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { - TimeTaken tt = trans.start(CREATE_DELEGATE, Env.SUB|Env.ALWAYS); - try { - Data data = delgRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - return service.createDelegate(trans, data.asObject()); - } catch (Exception e) { - trans.error().log(e,IN,CREATE_DELEGATE); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result updateDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { - TimeTaken tt = trans.start(UPDATE_DELEGATE, Env.SUB|Env.ALWAYS); - try { - Data data = delgRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - return service.updateDelegate(trans, data.asObject()); - } catch (Exception e) { - trans.error().log(e,IN,UPDATE_DELEGATE); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result deleteDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { - TimeTaken tt = trans.start(DELETE_DELEGATE, Env.SUB|Env.ALWAYS); - try { - Data data = delgRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - return service.deleteDelegate(trans, data.asObject()); - } catch (Exception e) { - trans.error().log(e,IN,DELETE_DELEGATE); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result deleteDelegate(AuthzTrans trans, String userName) { - TimeTaken tt = trans.start(DELETE_DELEGATE + ' ' + userName, Env.SUB|Env.ALWAYS); - try { - return service.deleteDelegate(trans, userName); - } catch (Exception e) { - trans.error().log(e,IN,DELETE_DELEGATE); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result getDelegatesByUser(AuthzTrans trans, String user, HttpServletResponse resp) { - TimeTaken tt = trans.start(GET_DELEGATE_USER, Env.SUB|Env.ALWAYS); - try { - Result rd = service.getDelegatesByUser(trans, user); - - switch(rd.status) { - case OK: - RosettaData data = delgDF.newData(trans).load(rd.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - setContentType(resp,delgDF.getOutType()); - return Result.ok(); - default: - return Result.err(rd); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_DELEGATE_USER); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result getDelegatesByDelegate(AuthzTrans trans, String delegate, HttpServletResponse resp) { - TimeTaken tt = trans.start(GET_DELEGATE_DELG, Env.SUB|Env.ALWAYS); - try { - Result rd = service.getDelegatesByDelegate(trans, delegate); - switch(rd.status) { - case OK: - RosettaData data = delgDF.newData(trans).load(rd.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - setContentType(resp,delgDF.getOutType()); - return Result.ok(); - default: - return Result.err(rd); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_DELEGATE_DELG); - return Result.err(e); - } finally { - tt.done(); - } - } - - private static final String REQUEST_USER_ROLE = "createUserRole"; - private static final String GET_USERROLES = "getUserRoles"; - private static final String GET_USERROLES_BY_ROLE = "getUserRolesByRole"; - private static final String GET_USERROLES_BY_USER = "getUserRolesByUser"; - private static final String SET_ROLES_FOR_USER = "setRolesForUser"; - private static final String SET_USERS_FOR_ROLE = "setUsersForRole"; - private static final String EXTEND_USER_ROLE = "extendUserRole"; - private static final String DELETE_USER_ROLE = "deleteUserRole"; - @Override - public Result requestUserRole(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { - TimeTaken tt = trans.start(REQUEST_USER_ROLE, Env.SUB|Env.ALWAYS); - try { - REQUEST request; - try { - Data data = userRoleRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - request = data.asObject(); - } catch(APIException e) { - return Result.err(Status.ERR_BadData,"Invalid Input"); - } - - Result rp = service.createUserRole(trans,request); - switch(rp.status) { - case OK: - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,REQUEST_USER_ROLE); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result getUserInRole(AuthzTrans trans, HttpServletResponse resp, String user, String role) { - TimeTaken tt = trans.start(GET_USERROLES + ' ' + user + '|' + role, Env.SUB|Env.ALWAYS); - try { - Result ru = service.getUserInRole(trans,user,role); - switch(ru.status) { - case OK: - RosettaData data = usersDF.newData(trans).load(ru.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - data.to(resp.getOutputStream()); - setContentType(resp,usersDF.getOutType()); - return Result.ok(); - default: - return Result.err(ru); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_USERROLES); - return Result.err(e); - } finally { - tt.done(); - } - - } - - @Override - public Result getUserRolesByUser(AuthzTrans trans, HttpServletResponse resp, String user) { - TimeTaken tt = trans.start(GET_USERROLES_BY_USER + ' ' + user, Env.SUB|Env.ALWAYS); - try { - Result ru = service.getUserRolesByUser(trans,user); - switch(ru.status) { - case OK: - RosettaData data = userrolesDF.newData(trans).load(ru.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - data.to(resp.getOutputStream()); - setContentType(resp,usersDF.getOutType()); - return Result.ok(); - default: - return Result.err(ru); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_USERROLES_BY_USER); - return Result.err(e); - } finally { - tt.done(); - } - - } - - @Override - public Result getUserRolesByRole(AuthzTrans trans, HttpServletResponse resp, String role) { - TimeTaken tt = trans.start(GET_USERROLES_BY_ROLE + ' ' + role, Env.SUB|Env.ALWAYS); - try { - Result ru = service.getUserRolesByRole(trans,role); - switch(ru.status) { - case OK: - RosettaData data = userrolesDF.newData(trans).load(ru.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - data.to(resp.getOutputStream()); - setContentType(resp,usersDF.getOutType()); - return Result.ok(); - default: - return Result.err(ru); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_USERROLES_BY_ROLE); - return Result.err(e); - } finally { - tt.done(); - } - - } - - - @Override - public Result resetUsersForRole(AuthzTrans trans, HttpServletResponse resp, HttpServletRequest req) { - TimeTaken tt = trans.start(SET_USERS_FOR_ROLE, Env.SUB|Env.ALWAYS); - try { - REQUEST rreq; - try { - RosettaData data = userRoleRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - rreq = data.asObject(); - } catch(APIException e) { - trans.error().log("Invalid Input",IN, SET_USERS_FOR_ROLE); - return Result.err(Status.ERR_BadData,"Invalid Input"); - } - - Result rp = service.resetUsersForRole(trans, rreq); - - switch(rp.status) { - case OK: - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,SET_USERS_FOR_ROLE); - return Result.err(e); - } finally { - tt.done(); - } - - } - - @Override - public Result resetRolesForUser(AuthzTrans trans, HttpServletResponse resp, HttpServletRequest req) { - TimeTaken tt = trans.start(SET_ROLES_FOR_USER, Env.SUB|Env.ALWAYS); - try { - REQUEST rreq; - try { - RosettaData data = userRoleRequestDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - rreq = data.asObject(); - } catch(APIException e) { - trans.error().log("Invalid Input",IN, SET_ROLES_FOR_USER); - return Result.err(Status.ERR_BadData,"Invalid Input"); - } - - Result rp = service.resetRolesForUser(trans, rreq); - - switch(rp.status) { - case OK: - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,SET_ROLES_FOR_USER); - return Result.err(e); - } finally { - tt.done(); - } - - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#extendUserRoleExpiration(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.String, java.lang.String) - */ - @Override - public Result extendUserRoleExpiration(AuthzTrans trans, HttpServletResponse resp, String user, String role) { - TimeTaken tt = trans.start(EXTEND_USER_ROLE + ' ' + user + ' ' + role, Env.SUB|Env.ALWAYS); - try { - return service.extendUserRole(trans,user,role); - } catch (Exception e) { - trans.error().log(e,IN,EXTEND_USER_ROLE); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result deleteUserRole(AuthzTrans trans, HttpServletResponse resp, String user, String role) { - TimeTaken tt = trans.start(DELETE_USER_ROLE + ' ' + user + ' ' + role, Env.SUB|Env.ALWAYS); - try { - Result rp = service.deleteUserRole(trans,user,role); - switch(rp.status) { - case OK: - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,DELETE_USER_ROLE); - return Result.err(e); - } finally { - tt.done(); - } - } - - private static final String UPDATE_APPROVAL = "updateApproval"; - private static final String GET_APPROVALS_BY_USER = "getApprovalsByUser."; - private static final String GET_APPROVALS_BY_TICKET = "getApprovalsByTicket."; - private static final String GET_APPROVALS_BY_APPROVER = "getApprovalsByApprover."; - - @Override - public Result updateApproval(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { - TimeTaken tt = trans.start(UPDATE_APPROVAL, Env.SUB|Env.ALWAYS); - try { - Data data = approvalDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - Result rp = service.updateApproval(trans, data.asObject()); - - switch(rp.status) { - case OK: - setContentType(resp,approvalDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,UPDATE_APPROVAL); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result getApprovalsByUser(AuthzTrans trans, HttpServletResponse resp, String user) { - TimeTaken tt = trans.start(GET_APPROVALS_BY_USER + ' ' + user, Env.SUB|Env.ALWAYS); - try { - Result rp = service.getApprovalsByUser(trans, user); - switch(rp.status) { - case OK: - RosettaData data = approvalDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - data.to(resp.getOutputStream()); - - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_APPROVALS_BY_USER, user); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result getApprovalsByApprover(AuthzTrans trans, HttpServletResponse resp, String approver) { - TimeTaken tt = trans.start(GET_APPROVALS_BY_APPROVER + ' ' + approver, Env.SUB|Env.ALWAYS); - try { - Result rp = service.getApprovalsByApprover(trans, approver); - switch(rp.status) { - case OK: - RosettaData data = approvalDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - data.to(resp.getOutputStream()); - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_APPROVALS_BY_APPROVER,approver); - return Result.err(e); - } finally { - tt.done(); - } - } - - @Override - public Result getApprovalsByTicket(AuthzTrans trans, HttpServletResponse resp, String ticket) { - TimeTaken tt = trans.start(GET_APPROVALS_BY_TICKET, Env.SUB|Env.ALWAYS); - try { - Result rp = service.getApprovalsByTicket(trans, ticket); - switch(rp.status) { - case OK: - RosettaData data = approvalDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - data.to(resp.getOutputStream()); - setContentType(resp,permsDF.getOutType()); - return Result.ok(); - default: - return Result.err(rp); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_APPROVALS_BY_TICKET); - return Result.err(e); - } finally { - tt.done(); - } - } - - - - public static final String GET_USERS_PERMISSION = "getUsersByPermission"; - public static final String GET_USERS_ROLE = "getUsersByRole"; - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getUsersByRole(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result getUsersByRole(AuthzTrans trans, HttpServletResponse resp, String role) { - TimeTaken tt = trans.start(GET_USERS_ROLE + ' ' + role, Env.SUB|Env.ALWAYS); - try { - Result ru = service.getUsersByRole(trans,role); - switch(ru.status) { - case OK: - RosettaData data = usersDF.newData(trans).load(ru.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - data.to(resp.getOutputStream()); - setContentType(resp,usersDF.getOutType()); - return Result.ok(); - default: - return Result.err(ru); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_USERS_ROLE); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getUsersByPermission(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String, java.lang.String, java.lang.String) - */ - @Override - public Result getUsersByPermission(AuthzTrans trans, HttpServletResponse resp, - String type, String instance, String action) { - TimeTaken tt = trans.start(GET_USERS_PERMISSION + ' ' + type + ' ' + instance + ' ' +action, Env.SUB|Env.ALWAYS); - try { - Result ru = service.getUsersByPermission(trans,type,instance,action); - switch(ru.status) { - case OK: - RosettaData data = usersDF.newData(trans).load(ru.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - data.to(resp.getOutputStream()); - setContentType(resp,usersDF.getOutType()); - return Result.ok(); - default: - return Result.err(ru); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_USERS_PERMISSION); - return Result.err(e); - } finally { - tt.done(); - } - } - - - public static final String GET_HISTORY_USER = "getHistoryByUser"; - public static final String GET_HISTORY_ROLE = "getHistoryByRole"; - public static final String GET_HISTORY_PERM = "getHistoryByPerm"; - public static final String GET_HISTORY_NS = "getHistoryByNS"; - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getHistoryByUser(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ - @Override - public Result getHistoryByUser(AuthzTrans trans, HttpServletResponse resp, String user, int[] yyyymm, final int sort) { - StringBuilder sb = new StringBuilder(); - sb.append(GET_HISTORY_USER); - sb.append(' '); - sb.append(user); - sb.append(" for "); - boolean first = true; - for(int i : yyyymm) { - if(first) { - first = false; - } else { - sb.append(','); - } - sb.append(i); - } - TimeTaken tt = trans.start(sb.toString(), Env.SUB|Env.ALWAYS); - - try { - Result rh = service.getHistoryByUser(trans,user,yyyymm,sort); - switch(rh.status) { - case OK: - RosettaData data = historyDF.newData(trans).load(rh.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - data.to(resp.getOutputStream()); - setContentType(resp,historyDF.getOutType()); - return Result.ok(); - default: - return Result.err(rh); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_HISTORY_USER); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getHistoryByRole(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String, int[]) - */ - @Override - public Result getHistoryByRole(AuthzTrans trans, HttpServletResponse resp, String role, int[] yyyymm, final int sort) { - StringBuilder sb = new StringBuilder(); - sb.append(GET_HISTORY_ROLE); - sb.append(' '); - sb.append(role); - sb.append(" for "); - boolean first = true; - for(int i : yyyymm) { - if(first) { - first = false; - } else { - sb.append(','); - } - sb.append(i); - } - TimeTaken tt = trans.start(sb.toString(), Env.SUB|Env.ALWAYS); - try { - Result rh = service.getHistoryByRole(trans,role,yyyymm,sort); - switch(rh.status) { - case OK: - RosettaData data = historyDF.newData(trans).load(rh.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - data.to(resp.getOutputStream()); - setContentType(resp,historyDF.getOutType()); - return Result.ok(); - default: - return Result.err(rh); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_HISTORY_ROLE); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getHistoryByNS(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String, int[]) - */ - @Override - public Result getHistoryByNS(AuthzTrans trans, HttpServletResponse resp, String ns, int[] yyyymm, final int sort) { - StringBuilder sb = new StringBuilder(); - sb.append(GET_HISTORY_NS); - sb.append(' '); - sb.append(ns); - sb.append(" for "); - boolean first = true; - for(int i : yyyymm) { - if(first) { - first = false; - } else { - sb.append(','); - } - sb.append(i); - } - TimeTaken tt = trans.start(sb.toString(), Env.SUB|Env.ALWAYS); - try { - Result rh = service.getHistoryByNS(trans,ns,yyyymm,sort); - switch(rh.status) { - case OK: - RosettaData data = historyDF.newData(trans).load(rh.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - data.to(resp.getOutputStream()); - setContentType(resp,historyDF.getOutType()); - return Result.ok(); - default: - return Result.err(rh); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_HISTORY_NS); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getHistoryByPerm(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String, int[]) - */ - @Override - public Result getHistoryByPerm(AuthzTrans trans, HttpServletResponse resp, String perm, int[] yyyymm, final int sort) { - StringBuilder sb = new StringBuilder(); - sb.append(GET_HISTORY_PERM); - sb.append(' '); - sb.append(perm); - sb.append(" for "); - boolean first = true; - for(int i : yyyymm) { - if(first) { - first = false; - } else { - sb.append(','); - } - sb.append(i); - } - TimeTaken tt = trans.start(sb.toString(), Env.SUB|Env.ALWAYS); - try { - Result rh = service.getHistoryByPerm(trans,perm,yyyymm,sort); - switch(rh.status) { - case OK: - RosettaData data = historyDF.newData(trans).load(rh.value); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - data.to(resp.getOutputStream()); - setContentType(resp,historyDF.getOutType()); - return Result.ok(); - default: - return Result.err(rh); - } - } catch (Exception e) { - trans.error().log(e,IN,GET_HISTORY_PERM); - return Result.err(e); - } finally { - tt.done(); - } - } - - public final static String CACHE_CLEAR = "cacheClear "; -// public final static String CACHE_VALIDATE = "validateCache"; - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#cacheClear(org.onap.aaf.authz.env.AuthzTrans, java.lang.String) - */ - @Override - public Result cacheClear(AuthzTrans trans, String cname) { - TimeTaken tt = trans.start(CACHE_CLEAR + cname, Env.SUB|Env.ALWAYS); - try { - return service.cacheClear(trans,cname); - } catch (Exception e) { - trans.error().log(e,IN,CACHE_CLEAR); - return Result.err(e); - } finally { - tt.done(); - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#cacheClear(org.onap.aaf.authz.env.AuthzTrans, java.lang.String, java.lang.Integer) - */ - @Override - public Result cacheClear(AuthzTrans trans, String cname, String segments) { - TimeTaken tt = trans.start(CACHE_CLEAR + cname + ", segments[" + segments + ']', Env.SUB|Env.ALWAYS); - try { - String[] segs = segments.split("\\s*,\\s*"); - int isegs[] = new int[segs.length]; - for(int i=0;i getAPI(AuthzTrans trans, HttpServletResponse resp, RServlet rservlet) { - TimeTaken tt = trans.start(API_REPORT, Env.SUB); - try { - Api api = new Api(); - Api.Route ar; - Method[] meths = AuthzCassServiceImpl.class.getDeclaredMethods(); - for(RouteReport rr : rservlet.routeReport()) { - api.getRoute().add(ar = new Api.Route()); - ar.setMeth(rr.meth.name()); - ar.setPath(rr.path); - ar.setDesc(rr.desc); - ar.getContentType().addAll(rr.contextTypes); - for(Method m : meths) { - ApiDoc ad; - if((ad = m.getAnnotation(ApiDoc.class))!=null && - rr.meth.equals(ad.method()) && - rr.path.equals(ad.path())) { - for(String param : ad.params()) { - ar.getParam().add(param); - } - for(String text : ad.text()) { - ar.getComments().add(text); - } - ar.setExpected(ad.expectedCode()); - for(int ec : ad.errorCodes()) { - ar.getExplicitErr().add(ec); - } - } - } - } - RosettaData data = apiDF.newData(trans).load(api); - if(Question.willSpecialLog(trans, trans.user())) { - Question.logEncryptTrace(trans,data.asString()); - } - - data.to(resp.getOutputStream()); - setContentType(resp,apiDF.getOutType()); - return Result.ok(); - - } catch (Exception e) { - trans.error().log(e,IN,API_REPORT); - return Result.err(e); - } finally { - tt.done(); - } - } - - - public final static String API_EXAMPLE = "apiExample"; - - /* (non-Javadoc) - * @see org.onap.aaf.authz.facade.AuthzFacade#getAPIExample(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) - */ - @Override - public Result getAPIExample(AuthzTrans trans, HttpServletResponse resp, String nameOrContentType, boolean optional) { - TimeTaken tt = trans.start(API_EXAMPLE, Env.SUB); - try { - String content =Examples.print(apiDF.getEnv(), nameOrContentType, optional); - resp.getOutputStream().print(content); - setContentType(resp,content.contains(" -{ - public AuthzFacade_2_0(AuthzEnv env, - AuthzService service, - Data.TYPE type) throws APIException { - super(env, service, type); - } -} diff --git a/authz-service/src/main/java/org/onap/aaf/authz/service/AuthAPI.java b/authz-service/src/main/java/org/onap/aaf/authz/service/AuthAPI.java deleted file mode 100644 index 3a918072..00000000 --- a/authz-service/src/main/java/org/onap/aaf/authz/service/AuthAPI.java +++ /dev/null @@ -1,330 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.service; - -import java.io.IOException; -import java.net.HttpURLConnection; -import java.security.GeneralSecurityException; -import java.util.ArrayList; -import java.util.EnumSet; -import java.util.List; -import java.util.Properties; - -import org.onap.aaf.authz.cadi.DirectAAFLur; -import org.onap.aaf.authz.cadi.DirectAAFUserPass; -import org.onap.aaf.authz.cadi.DirectCertIdentity; -import org.onap.aaf.authz.env.AuthzEnv; -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.env.AuthzTransFilter; -import org.onap.aaf.authz.facade.AuthzFacadeFactory; -import org.onap.aaf.authz.facade.AuthzFacade_2_0; -import org.onap.aaf.authz.org.OrganizationFactory; -import org.onap.aaf.authz.server.AbsServer; -import org.onap.aaf.authz.service.api.API_Api; -import org.onap.aaf.authz.service.api.API_Approval; -import org.onap.aaf.authz.service.api.API_Creds; -import org.onap.aaf.authz.service.api.API_Delegate; -import org.onap.aaf.authz.service.api.API_History; -import org.onap.aaf.authz.service.api.API_Mgmt; -import org.onap.aaf.authz.service.api.API_NS; -import org.onap.aaf.authz.service.api.API_Perms; -import org.onap.aaf.authz.service.api.API_Roles; -import org.onap.aaf.authz.service.api.API_User; -import org.onap.aaf.authz.service.api.API_UserRole; -import org.onap.aaf.authz.service.mapper.Mapper.API; -import org.onap.aaf.cssa.rserv.HttpMethods; -import org.onap.aaf.dao.CassAccess; -import org.onap.aaf.dao.aaf.cass.CacheInfoDAO; -import org.onap.aaf.dao.aaf.hl.Question; - -import com.att.aft.dme2.api.DME2Exception; -//import com.att.aft.dme2.api.DME2FilterHolder; -//import com.att.aft.dme2.api.DME2FilterHolder.RequestDispatcherType; -import com.att.aft.dme2.api.DME2Manager; -import com.att.aft.dme2.api.DME2Server; -import com.att.aft.dme2.api.DME2ServerProperties; -import com.att.aft.dme2.api.DME2ServiceHolder; -import com.att.aft.dme2.api.util.DME2FilterHolder; -import com.att.aft.dme2.api.util.DME2FilterHolder.RequestDispatcherType; -import com.att.aft.dme2.api.util.DME2ServletHolder; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.LocatorException; -import org.onap.aaf.cadi.SecuritySetter; -import org.onap.aaf.cadi.aaf.v2_0.AAFTrustChecker; -import org.onap.aaf.cadi.config.Config; -import org.onap.aaf.cadi.config.SecurityInfoC; -import org.onap.aaf.cadi.http.HBasicAuthSS; -import org.onap.aaf.cadi.http.HMangr; -import org.onap.aaf.cadi.http.HX509SS; -import org.onap.aaf.cadi.locator.DME2Locator; -import org.onap.aaf.cadi.taf.basic.BasicHttpTaf; -import org.onap.aaf.inno.env.APIException; -import org.onap.aaf.inno.env.Data; -import org.onap.aaf.inno.env.Env; -import com.datastax.driver.core.Cluster; - -public class AuthAPI extends AbsServer { - - private static final String ORGANIZATION = "Organization."; - private static final String DOMAIN = "openecomp.org"; - -// TODO Add Service Metrics -// private Metric serviceMetric; - public final Question question; -// private final SessionFilter sessionFilter; - private AuthzFacade_2_0 facade; - private AuthzFacade_2_0 facade_XML; - private DirectAAFUserPass directAAFUserPass; - - /** - * Construct AuthzAPI with all the Context Supporting Routes that Authz needs - * - * @param env - * @param decryptor - * @throws APIException - */ - public AuthAPI(AuthzEnv env) throws Exception { - super(env,"AAF"); - - // Set "aaf_url" for peer communication based on Service DME2 URL - env.setProperty(Config.AAF_URL, "https://DME2RESOLVE/"+env.getProperty("DMEServiceName")); - - // Setup Log Names - env.setLog4JNames("log4j.properties","authz","authz|service","audit","init","trace"); - - final Cluster cluster = org.onap.aaf.dao.CassAccess.cluster(env,null); - - // jg 4/2015 SessionFilter unneeded... DataStax already deals with Multithreading well - - // Setup Shutdown Hooks for Cluster and Pooled Sessions - Runtime.getRuntime().addShutdownHook(new Thread() { - @Override - public void run() { -// sessionFilter.destroy(); - cluster.close(); - } - }); - - // Initialize Facade for all uses - AuthzTrans trans = env.newTrans(); - - // Initialize Organizations... otherwise, first pass may miss - int org_size = ORGANIZATION.length(); - for(String n : env.existingStaticSlotNames()) { - if(n.startsWith(ORGANIZATION)) { - OrganizationFactory.obtain(env, n.substring(org_size)); - } - } - - // Need Question for Security purposes (direct User/Authz Query in Filter) - // Start Background Processing - question = new Question(trans, cluster, CassAccess.KEYSPACE, true); - - DirectCertIdentity.set(question.certDAO); - - facade = AuthzFacadeFactory.v2_0(env,trans,Data.TYPE.JSON,question); - facade_XML = AuthzFacadeFactory.v2_0(env,trans,Data.TYPE.XML,question); - - directAAFUserPass = new DirectAAFUserPass( - trans.env(),question,trans.getProperty("Unknown")); - - - // Print results and cleanup - StringBuilder sb = new StringBuilder(); - trans.auditTrail(0, sb); - if(sb.length()>0)env.init().log(sb); - trans = null; - sb = null; - - //////////////////////////////////////////////////////////////////////////// - // Time Critical - // These will always be evaluated first - //////////////////////////////////////////////////////////////////////// - API_Creds.timeSensitiveInit(env, this, facade,directAAFUserPass); - API_Perms.timeSensitiveInit(this, facade); - //////////////////////////////////////////////////////////////////////// - // Service APIs - //////////////////////////////////////////////////////////////////////// - API_Creds.init(this, facade); - API_UserRole.init(this, facade); - API_Roles.init(this, facade); - API_Perms.init(this, facade); - API_NS.init(this, facade); - API_User.init(this, facade); - API_Delegate.init(this,facade); - API_Approval.init(this, facade); - API_History.init(this, facade); - - //////////////////////////////////////////////////////////////////////// - // Management APIs - //////////////////////////////////////////////////////////////////////// - // There are several APIs around each concept, and it gets a bit too - // long in this class to create. The initialization of these Management - // APIs have therefore been pushed to StandAlone Classes with static - // init functions - API_Mgmt.init(this, facade); - API_Api.init(this, facade); - - } - - /** - * Setup XML and JSON implementations for each supported Version type - * - * We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties - * to do Versions and Content switches - * - */ - public void route(HttpMethods meth, String path, API api, Code code) throws Exception { - String version = "2.0"; - Class respCls = facade.mapper().getClass(api); - if(respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name()); - String application = applicationJSON(respCls, version); - - route(env,meth,path,code,application,"application/json;version=2.0","*/*"); - application = applicationXML(respCls, version); - route(env,meth,path,code.clone(facade_XML,false),application,"text/xml;version=2.0"); - } - - /** - * Start up AuthzAPI as DME2 Service - * @param env - * @param props - * @throws Exception - * @throws LocatorException - * @throws CadiException - * @throws NumberFormatException - * @throws IOException - * @throws GeneralSecurityException - * @throws APIException - */ - public void startDME2(Properties props) throws Exception { - DME2Manager dme2 = new DME2Manager("AuthzServiceDME2Manager",props); - String s = dme2.getStringProp(Config.AFT_DME2_SSL_INCLUDE_PROTOCOLS,null); - env.init().log("DME2 Service TLS Protocols are set to",(s==null?"DME2 Default":s)); - - DME2ServiceHolder svcHolder; - List slist = new ArrayList(); - svcHolder = new DME2ServiceHolder(); - String serviceName = env.getProperty("DMEServiceName",null); - if(serviceName!=null) { - svcHolder.setServiceURI(serviceName); - svcHolder.setManager(dme2); - svcHolder.setContext("/"); - DME2ServletHolder srvHolder = new DME2ServletHolder(this, new String[]{"/authz","/authn","/mgmt"}); - srvHolder.setContextPath("/*"); - slist.add(srvHolder); - - EnumSet edlist = EnumSet.of( - RequestDispatcherType.REQUEST, - RequestDispatcherType.FORWARD, - RequestDispatcherType.ASYNC - ); - - List flist = new ArrayList(); - - // Add DME2 Metrics - // DME2 removed the Metrics Filter in 2.8.8.5 - // flist.add(new DME2FilterHolder(new DME2MetricsFilter(serviceName),"/*",edlist)); - - // Note: Need CADI to fill out User for AuthTransFilter... so it's first - // Make sure there is no AAF TAF configured for Filters - env.setProperty(Config.AAF_URL,null); - - flist.add( - new DME2FilterHolder( - new AuthzTransFilter(env, null /* no connection to AAF... it is AAF */, - new AAFTrustChecker((Env)env), - new DirectAAFLur(env,question), // Note, this will be assigned by AuthzTransFilter to TrustChecker - new BasicHttpTaf(env, directAAFUserPass, - DOMAIN,Long.parseLong(env.getProperty(Config.AAF_CLEAN_INTERVAL, Config.AAF_CLEAN_INTERVAL_DEF)), - false - ) // Add specialty Direct TAF - ), - "/*", edlist)); - - svcHolder.setFilters(flist); - svcHolder.setServletHolders(slist); - - DME2Server dme2svr = dme2.getServer(); - - String hostname = env.getProperty("HOSTNAME",null); - if(hostname!=null) { - //dme2svr.setHostname(hostname); - hostname=null; - } - // dme2svr.setGracefulShutdownTimeMs(5000); - - env.init().log("Starting AAF Jetty/DME2 server..."); - dme2svr.start(); - try { -// if(env.getProperty("NO_REGISTER",null)!=null) - dme2.bindService(svcHolder); - //env.init().log("DME2 is available as HTTPS on port:",dme2svr.getPort()); - - // Start CacheInfo Listener - HMangr hman = new HMangr(env, new DME2Locator(env, dme2,"https://DME2RESOLVE/"+serviceName,true /*remove self from cache*/)); - SecuritySetter ss; - -// InetAddress ip = InetAddress.getByName(dme2svr.getHostname()); - SecurityInfoC si = new SecurityInfoC(env); - String mechID; - if((mechID=env.getProperty(Config.AAF_MECHID))==null) { - String alias = env.getProperty(Config.CADI_ALIAS); - if(alias==null) { - env.init().log(Config.CADI_ALIAS, "is required for AAF Authentication by Certificate. Alternately, set",Config.AAF_MECHID,"and",Config.AAF_MECHPASS); - System.exit(1); - } - ss = new HX509SS(alias,si,true); - env.init().log("X509 Certificate Client configured:", alias); - } else { - String pass = env.getProperty(Config.AAF_MECHPASS); - if(pass==null) { - env.init().log(Config.AAF_MECHPASS, "is required for AAF Authentication by ID/Pass"); - System.exit(1); - } - ss = new HBasicAuthSS(mechID,env.decrypt(pass, true),si,true); - env.init().log("BasicAuth (ID/Pass) Client configured."); - } - - //TODO Reenable Cache Update - //CacheInfoDAO.startUpdate(env, hman, ss, dme2svr.getHostname(), dme2svr.getPort()); - - while(true) { // Per DME2 Examples... - Thread.sleep(5000); - } - } catch(DME2Exception e) { // Error binding service doesn't seem to stop DME2 or Process - env.init().log(e,"DME2 Initialization Error"); - dme2svr.stop(); - System.exit(1); - } catch(InterruptedException e) { - env.init().log("AAF Jetty Server interrupted!"); - } - } else { - env.init().log("Properties must contain 'DMEServiceName'"); - } - } - - public static void main(String[] args) { - setup(AuthAPI.class,"authAPI.props"); - } -} diff --git a/authz-service/src/main/java/org/onap/aaf/authz/service/AuthzCassServiceImpl.java b/authz-service/src/main/java/org/onap/aaf/authz/service/AuthzCassServiceImpl.java deleted file mode 100644 index 13884747..00000000 --- a/authz-service/src/main/java/org/onap/aaf/authz/service/AuthzCassServiceImpl.java +++ /dev/null @@ -1,3973 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.authz.service; - -import static org.onap.aaf.authz.layer.Result.OK; -import static org.onap.aaf.cssa.rserv.HttpMethods.DELETE; -import static org.onap.aaf.cssa.rserv.HttpMethods.GET; -import static org.onap.aaf.cssa.rserv.HttpMethods.POST; -import static org.onap.aaf.cssa.rserv.HttpMethods.PUT; - -import java.io.IOException; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.Comparator; -import java.util.Date; -import java.util.GregorianCalendar; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.TreeMap; -import java.util.UUID; - -import javax.servlet.http.HttpServletRequest; - -import org.onap.aaf.authz.common.Define; -import org.onap.aaf.authz.env.AuthzTrans; -import org.onap.aaf.authz.layer.Result; -import org.onap.aaf.authz.org.Executor; -import org.onap.aaf.authz.org.Organization; -import org.onap.aaf.authz.org.Organization.Expiration; -import org.onap.aaf.authz.org.Organization.Identity; -import org.onap.aaf.authz.org.Organization.Policy; -import org.onap.aaf.authz.service.mapper.Mapper; -import org.onap.aaf.authz.service.mapper.Mapper.API; -import org.onap.aaf.authz.service.validation.Validator; -import org.onap.aaf.cssa.rserv.doc.ApiDoc; -import org.onap.aaf.dao.DAOException; -import org.onap.aaf.dao.aaf.cass.ApprovalDAO; -import org.onap.aaf.dao.aaf.cass.CertDAO; -import org.onap.aaf.dao.aaf.cass.CredDAO; -import org.onap.aaf.dao.aaf.cass.DelegateDAO; -import org.onap.aaf.dao.aaf.cass.FutureDAO; -import org.onap.aaf.dao.aaf.cass.HistoryDAO; -import org.onap.aaf.dao.aaf.cass.Namespace; -import org.onap.aaf.dao.aaf.cass.NsDAO; -import org.onap.aaf.dao.aaf.cass.NsSplit; -import org.onap.aaf.dao.aaf.cass.NsType; -import org.onap.aaf.dao.aaf.cass.PermDAO; -import org.onap.aaf.dao.aaf.cass.RoleDAO; -import org.onap.aaf.dao.aaf.cass.Status; -import org.onap.aaf.dao.aaf.cass.UserRoleDAO; -import org.onap.aaf.dao.aaf.cass.NsDAO.Data; -import org.onap.aaf.dao.aaf.hl.CassExecutor; -import org.onap.aaf.dao.aaf.hl.Function; -import org.onap.aaf.dao.aaf.hl.Question; -import org.onap.aaf.dao.aaf.hl.Question.Access; - -import org.onap.aaf.cadi.principal.BasicPrincipal; -import org.onap.aaf.inno.env.Env; -import org.onap.aaf.inno.env.TimeTaken; -import org.onap.aaf.inno.env.util.Chrono; -import org.onap.aaf.inno.env.util.Split; - -import aaf.v2_0.CredRequest; - -/** - * AuthzCassServiceImpl implements AuthzCassService for - * - * - * @param - * @param - * @param - * @param - * @param - * @param - * @param - * @param - * @param - * @param - */ -public class AuthzCassServiceImpl - implements AuthzService { - - private Mapper mapper; - @Override - public Mapper mapper() {return mapper;} - - private static final String ASTERIX = "*"; - private static final String CACHE = "cache"; - - private final Question ques; - private final Function func; - - public AuthzCassServiceImpl(AuthzTrans trans, Mapper mapper,Question question) { - this.ques = question; - func = new Function(trans, question); - this.mapper = mapper; - - } - -/*********************************** - * NAMESPACE - ***********************************/ - /** - * createNS - * @throws DAOException - * @see org.onap.aaf.authz.service.AuthzService#createNS(org.onap.aaf.authz.env.AuthzTrans, java.lang.String, java.lang.String) - */ - @ApiDoc( - method = POST, - path = "/authz/ns", - params = {}, - expectedCode = 201, - errorCodes = { 403,404,406,409 }, - text = { "Namespace consists of: ", - "

", - "Note: Namespaces are dot-delimited (i.e. com.myCompany.myApp) and must be ", - "created with parent credentials (i.e. To create com.myCompany.myApp, you must ", - "be an admin of com.myCompany or com" - } - ) - @Override - public Result createNS(final AuthzTrans trans, REQUEST from, NsType type) { - final Result rnamespace = mapper.ns(trans, from); - final Validator v = new Validator(); - if(v.ns(rnamespace).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - final Namespace namespace = rnamespace.value; - final Result parentNs = ques.deriveNs(trans,namespace.name); - if(parentNs.notOK()) { - return Result.err(parentNs); - } - - if(namespace.name.lastIndexOf('.')<0) { // Root Namespace... Function will check if allowed - return func.createNS(trans, namespace, false); - } - - Result fd = mapper.future(trans, NsDAO.TABLE,from,namespace,true, - new Mapper.Memo() { - @Override - public String get() { - return "Create Namespace [" + namespace.name + ']'; - } - }, - new MayChange() { - private Result rnd; - @Override - public Result mayChange() { - if(rnd==null) { - rnd = ques.mayUser(trans, trans.user(), parentNs.value,Access.write); - } - return rnd; - } - }); - switch(fd.status) { - case OK: - Result> rfc = func.createFuture(trans, fd.value, namespace.name, trans.user(),parentNs.value, "C"); - if(rfc.isOK()) { - return Result.err(Status.ACC_Future, "NS [%s] is saved for future processing",namespace.name); - } else { - return Result.err(rfc); - } - case Status.ACC_Now: - return func.createNS(trans, namespace, false); - default: - return Result.err(fd); - } - } - - @ApiDoc( - method = POST, - path = "/authz/ns/:ns/admin/:id", - params = { "ns|string|true", - "id|string|true" - }, - expectedCode = 201, - errorCodes = { 403,404,406,409 }, - text = { "Add an Identity :id to the list of Admins for the Namespace :ns", - "Note: :id must be fully qualified (i.e. ab1234@csp.att.com)" } - ) - @Override - public Result addAdminNS(AuthzTrans trans, String ns, String id) { - return func.addUserRole(trans, id, ns,Question.ADMIN); - } - - @ApiDoc( - method = DELETE, - path = "/authz/ns/:ns/admin/:id", - params = { "ns|string|true", - "id|string|true" - }, - expectedCode = 200, - errorCodes = { 403,404 }, - text = { "Remove an Identity :id from the list of Admins for the Namespace :ns", - "Note: :id must be fully qualified (i.e. ab1234@csp.att.com)" } - ) - @Override - public Result delAdminNS(AuthzTrans trans, String ns, String id) { - return func.delAdmin(trans,ns,id); - } - - @ApiDoc( - method = POST, - path = "/authz/ns/:ns/responsible/:id", - params = { "ns|string|true", - "id|string|true" - }, - expectedCode = 201, - errorCodes = { 403,404,406,409 }, - text = { "Add an Identity :id to the list of Responsibles for the Namespace :ns", - "Note: :id must be fully qualified (i.e. ab1234@csp.att.com)" } - ) - @Override - public Result addResponsibleNS(AuthzTrans trans, String ns, String id) { - return func.addUserRole(trans,id,ns,Question.OWNER); - } - - @ApiDoc( - method = DELETE, - path = "/authz/ns/:ns/responsible/:id", - params = { "ns|string|true", - "id|string|true" - }, - expectedCode = 200, - errorCodes = { 403,404 }, - text = { "Remove an Identity :id to the list of Responsibles for the Namespace :ns", - "Note: :id must be fully qualified (i.e. ab1234@csp.att.com)", - "Note: A namespace must have at least 1 responsible party" - } - ) - @Override - public Result delResponsibleNS(AuthzTrans trans, String ns, String id) { - return func.delOwner(trans,ns,id); - } - - /* (non-Javadoc) - * @see org.onap.aaf.authz.service.AuthzService#applyModel(org.onap.aaf.authz.env.AuthzTrans, java.lang.Object) - */ - @ApiDoc( - method = POST, - path = "/authz/ns/:ns/attrib/:key/:value", - params = { "ns|string|true", - "key|string|true", - "value|string|true"}, - expectedCode = 201, - errorCodes = { 403,404,406,409 }, - text = { - "Create an attribute in the Namespace", - "You must be given direct permission for key by AAF" - } - ) - @Override - public Result createNsAttrib(AuthzTrans trans, String ns, String key, String value) { - TimeTaken tt = trans.start("Create NsAttrib " + ns + ':' + key + ':' + value, Env.SUB); - try { - // Check inputs - final Validator v = new Validator(); - if(v.ns(ns).err() || - v.key(key).err() || - v.value(value).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - - // Check if exists already - Result> rlnsd = ques.nsDAO.read(trans, ns); - if(rlnsd.notOKorIsEmpty()) { - return Result.err(rlnsd); - } - NsDAO.Data nsd = rlnsd.value.get(0); - - // Check for Existence - if(nsd.attrib.get(key)!=null) { - return Result.err(Status.ERR_ConflictAlreadyExists, "NS Property %s:%s exists", ns, key); - } - - // Check if User may put - if(!ques.isGranted(trans, trans.user(), Define.ROOT_NS, Question.ATTRIB, - ":"+trans.org().getDomain()+".*:"+key, Access.write.name())) { - return Result.err(Status.ERR_Denied, "%s may not create NS Attrib [%s:%s]", trans.user(),ns, key); - } - - // Add Attrib - nsd.attrib.put(key, value); - ques.nsDAO.dao().attribAdd(trans,ns,key,value); - return Result.ok(); - } finally { - tt.done(); - } - } - - @ApiDoc( - method = GET, - path = "/authz/ns/attrib/:key", - params = { "key|string|true" }, - expectedCode = 200, - errorCodes = { 403,404 }, - text = { - "Read Attributes for Namespace" - } - ) - @Override - public Result readNsByAttrib(AuthzTrans trans, String key) { - // Check inputs - final Validator v = new Validator(); - if(v.nullOrBlank("Key",key).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - - // May Read - if(!ques.isGranted(trans, trans.user(), Define.ROOT_NS, Question.ATTRIB, - ":"+trans.org().getDomain()+".*:"+key, Question.READ)) { - return Result.err(Status.ERR_Denied,"%s may not read NS by Attrib '%s'",trans.user(),key); - } - - Result> rsd = ques.nsDAO.dao().readNsByAttrib(trans, key); - if(rsd.notOK()) { - return Result.err(rsd); - } - return mapper().keys(rsd.value); - } - - - @ApiDoc( - method = PUT, - path = "/authz/ns/:ns/attrib/:key/:value", - params = { "ns|string|true", - "key|string|true"}, - expectedCode = 200, - errorCodes = { 403,404 }, - text = { - "Update Value on an existing attribute in the Namespace", - "You must be given direct permission for key by AAF" - } - ) - @Override - public Result updateNsAttrib(AuthzTrans trans, String ns, String key, String value) { - TimeTaken tt = trans.start("Update NsAttrib " + ns + ':' + key + ':' + value, Env.SUB); - try { - // Check inputs - final Validator v = new Validator(); - if(v.ns(ns).err() || - v.key(key).err() || - v.value(value).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - - // Check if exists already (NS must exist) - Result> rlnsd = ques.nsDAO.read(trans, ns); - if(rlnsd.notOKorIsEmpty()) { - return Result.err(rlnsd); - } - NsDAO.Data nsd = rlnsd.value.get(0); - - // Check for Existence - if(nsd.attrib.get(key)==null) { - return Result.err(Status.ERR_NotFound, "NS Property %s:%s exists", ns, key); - } - - // Check if User may put - if(!ques.isGranted(trans, trans.user(), Define.ROOT_NS, Question.ATTRIB, - ":"+trans.org().getDomain()+".*:"+key, Access.write.name())) { - return Result.err(Status.ERR_Denied, "%s may not create NS Attrib [%s:%s]", trans.user(),ns, key); - } - - // Add Attrib - nsd.attrib.put(key, value); - - return ques.nsDAO.update(trans,nsd); - - } finally { - tt.done(); - } - } - - @ApiDoc( - method = DELETE, - path = "/authz/ns/:ns/attrib/:key", - params = { "ns|string|true", - "key|string|true"}, - expectedCode = 200, - errorCodes = { 403,404 }, - text = { - "Delete an attribute in the Namespace", - "You must be given direct permission for key by AAF" - } - ) - @Override - public Result deleteNsAttrib(AuthzTrans trans, String ns, String key) { - TimeTaken tt = trans.start("Delete NsAttrib " + ns + ':' + key, Env.SUB); - try { - // Check inputs - final Validator v = new Validator(); - if(v.nullOrBlank("NS",ns).err() || - v.nullOrBlank("Key",key).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - - // Check if exists already - Result> rlnsd = ques.nsDAO.read(trans, ns); - if(rlnsd.notOKorIsEmpty()) { - return Result.err(rlnsd); - } - NsDAO.Data nsd = rlnsd.value.get(0); - - // Check for Existence - if(nsd.attrib.get(key)==null) { - return Result.err(Status.ERR_NotFound, "NS Property [%s:%s] does not exist", ns, key); - } - - // Check if User may del - if(!ques.isGranted(trans, trans.user(), Define.ROOT_NS, "attrib", ":com.att.*:"+key, Access.write.name())) { - return Result.err(Status.ERR_Denied, "%s may not delete NS Attrib [%s:%s]", trans.user(),ns, key); - } - - // Add Attrib - nsd.attrib.remove(key); - ques.nsDAO.dao().attribRemove(trans,ns,key); - return Result.ok(); - } finally { - tt.done(); - } - } - - @ApiDoc( - method = GET, - path = "/authz/nss/:id", - params = { "id|string|true" }, - expectedCode = 200, - errorCodes = { 404,406 }, - text = { - "Lists the Admin(s), Responsible Party(s), Role(s), Permission(s)", - "Credential(s) and Expiration of Credential(s) in Namespace :id", - } - ) - @Override - public Result getNSbyName(AuthzTrans trans, String ns) { - final Validator v = new Validator(); - if(v.nullOrBlank("NS", ns).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - - Result> rlnd = ques.nsDAO.read(trans, ns); - if(rlnd.isOK()) { - if(rlnd.isEmpty()) { - return Result.err(Status.ERR_NotFound, "No data found for %s",ns); - } - Result rnd = ques.mayUser(trans, trans.user(), rlnd.value.get(0), Access.read); - if(rnd.notOK()) { - return Result.err(rnd); - } - - - Namespace namespace = new Namespace(rnd.value); - Result> rd = func.getOwners(trans, namespace.name, false); - if(rd.isOK()) { - namespace.owner = rd.value; - } - rd = func.getAdmins(trans, namespace.name, false); - if(rd.isOK()) { - namespace.admin = rd.value; - } - - NSS nss = mapper.newInstance(API.NSS); - return mapper.nss(trans, namespace, nss); - } else { - return Result.err(rlnd); - } - } - - @ApiDoc( - method = GET, - path = "/authz/nss/admin/:id", - params = { "id|string|true" }, - expectedCode = 200, - errorCodes = { 403,404 }, - text = { "Lists all Namespaces where Identity :id is an Admin", - "Note: :id must be fully qualified (i.e. ab1234@csp.att.com)" - } - ) - @Override - public Result getNSbyAdmin(AuthzTrans trans, String user, boolean full) { - final Validator v = new Validator(); - if (v.nullOrBlank("User", user).err()) { - return Result.err(Status.ERR_BadData, v.errs()); - } - - Result> rn = loadNamepace(trans, user, ".admin", full); - if(rn.notOK()) { - return Result.err(rn); - } - if (rn.isEmpty()) { - return Result.err(Status.ERR_NotFound, "[%s] is not an admin for any namespaces",user); - } - NSS nss = mapper.newInstance(API.NSS); - // Note: "loadNamespace" already validates view of Namespace - return mapper.nss(trans, rn.value, nss); - - } - - @ApiDoc( - method = GET, - path = "/authz/nss/either/:id", - params = { "id|string|true" }, - expectedCode = 200, - errorCodes = { 403,404 }, - text = { "Lists all Namespaces where Identity :id is either an Admin or an Owner", - "Note: :id must be fully qualified (i.e. ab1234@csp.att.com)" - } - ) - @Override - public Result getNSbyEither(AuthzTrans trans, String user, boolean full) { - final Validator v = new Validator(); - if (v.nullOrBlank("User", user).err()) { - return Result.err(Status.ERR_BadData, v.errs()); - } - - Result> rn = loadNamepace(trans, user, null, full); - if(rn.notOK()) { - return Result.err(rn); - } - if (rn.isEmpty()) { - return Result.err(Status.ERR_NotFound, "[%s] is not an admin or owner for any namespaces",user); - } - NSS nss = mapper.newInstance(API.NSS); - // Note: "loadNamespace" already validates view of Namespace - return mapper.nss(trans, rn.value, nss); - } - - private Result> loadNamepace(AuthzTrans trans, String user, String endsWith, boolean full) { - Result> urd = ques.userRoleDAO.readByUser(trans, user); - if(urd.notOKorIsEmpty()) { - return Result.err(urd); - } - Map lm = new HashMap(); - Map other = full || endsWith==null?null:new TreeMap(); - for(UserRoleDAO.Data urdd : urd.value) { - if(full) { - if(endsWith==null || urdd.role.endsWith(endsWith)) { - RoleDAO.Data rd = RoleDAO.Data.decode(urdd); - Result nsd = ques.mayUser(trans, user, rd, Access.read); - if(nsd.isOK()) { - Namespace namespace = lm.get(nsd.value.name); - if(namespace==null) { - namespace = new Namespace(nsd.value); - lm.put(namespace.name,namespace); - } - Result> rls = func.getAdmins(trans, namespace.name, false); - if(rls.isOK()) { - namespace.admin=rls.value; - } - - rls = func.getOwners(trans, namespace.name, false); - if(rls.isOK()) { - namespace.owner=rls.value; - } - } - } - } else { // Shortened version. Only Namespace Info available from Role. - if(Question.ADMIN.equals(urdd.rname) || Question.OWNER.equals(urdd.rname)) { - RoleDAO.Data rd = RoleDAO.Data.decode(urdd); - Result nsd = ques.mayUser(trans, user, rd, Access.read); - if(nsd.isOK()) { - Namespace namespace = lm.get(nsd.value.name); - if(namespace==null) { - if(other!=null) { - namespace = other.remove(nsd.value.name); - } - if(namespace==null) { - namespace = new Namespace(nsd.value); - namespace.admin=new ArrayList(); - namespace.owner=new ArrayList(); - } - if(endsWith==null || urdd.role.endsWith(endsWith)) { - lm.put(namespace.name,namespace); - } else { - other.put(namespace.name,namespace); - } - } - if(Question.OWNER.equals(urdd.rname)) { - namespace.owner.add(urdd.user); - } else { - namespace.admin.add(urdd.user); - } - } - } - } - } - return Result.ok(lm.values()); - } - - @ApiDoc( - method = GET, - path = "/authz/nss/responsible/:id", - params = { "id|string|true" }, - expectedCode = 200, - errorCodes = { 403,404 }, - text = { "Lists all Namespaces where Identity :id is a Responsible Party", - "Note: :id must be fully qualified (i.e. ab1234@csp.att.com)" - } - ) - @Override - public Result getNSbyResponsible(AuthzTrans trans, String user, boolean full) { - final Validator v = new Validator(); - if (v.nullOrBlank("User", user).err()) { - return Result.err(Status.ERR_BadData, v.errs()); - } - Result> rn = loadNamepace(trans, user, ".owner",full); - if(rn.notOK()) { - return Result.err(rn); - } - if (rn.isEmpty()) { - return Result.err(Status.ERR_NotFound, "[%s] is not an owner for any namespaces",user); - } - NSS nss = mapper.newInstance(API.NSS); - // Note: "loadNamespace" prevalidates - return mapper.nss(trans, rn.value, nss); - } - - @ApiDoc( - method = GET, - path = "/authz/nss/children/:id", - params = { "id|string|true" }, - expectedCode = 200, - errorCodes = { 403,404 }, - text = { "Lists all Child Namespaces of Namespace :id", - "Note: This is not a cached read" - } - ) - @Override - public Result getNSsChildren(AuthzTrans trans, String parent) { - final Validator v = new Validator(); - if(v.nullOrBlank("NS", parent).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - - Result rnd = ques.deriveNs(trans, parent); - if(rnd.notOK()) { - return Result.err(rnd); - } - rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read); - if(rnd.notOK()) { - return Result.err(rnd); - } - - Set lm = new HashSet(); - Result> rlnd = ques.nsDAO.dao().getChildren(trans, parent); - if(rlnd.isOK()) { - if(rlnd.isEmpty()) { - return Result.err(Status.ERR_NotFound, "No data found for %s",parent); - } - for(NsDAO.Data ndd : rlnd.value) { - Namespace namespace = new Namespace(ndd); - Result> rls = func.getAdmins(trans, namespace.name, false); - if(rls.isOK()) { - namespace.admin=rls.value; - } - - rls = func.getOwners(trans, namespace.name, false); - if(rls.isOK()) { - namespace.owner=rls.value; - } - - lm.add(namespace); - } - NSS nss = mapper.newInstance(API.NSS); - return mapper.nss(trans,lm, nss); - } else { - return Result.err(rlnd); - } - } - - - @ApiDoc( - method = PUT, - path = "/authz/ns", - params = {}, - expectedCode = 200, - errorCodes = { 403,404,406 }, - text = { "Replace the Current Description of a Namespace with a new one" - } - ) - @Override - public Result updateNsDescription(AuthzTrans trans, REQUEST from) { - final Result nsd = mapper.ns(trans, from); - final Validator v = new Validator(); - if(v.ns(nsd).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - if(v.nullOrBlank("description", nsd.value.description).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - - Namespace namespace = nsd.value; - Result> rlnd = ques.nsDAO.read(trans, namespace.name); - - if(rlnd.notOKorIsEmpty()) { - return Result.err(Status.ERR_NotFound, "Namespace [%s] does not exist",namespace.name); - } - - if (ques.mayUser(trans, trans.user(), rlnd.value.get(0), Access.write).notOK()) { - return Result.err(Status.ERR_Denied, "You do not have approval to change %s",namespace.name); - } - - Result rdr = ques.nsDAO.dao().addDescription(trans, namespace.name, namespace.description); - if(rdr.isOK()) { - return Result.ok(); - } else { - return Result.err(rdr); - } - } - - /** - * deleteNS - * @throws DAOException - * @see org.onap.aaf.authz.service.AuthzService#deleteNS(org.onap.aaf.authz.env.AuthzTrans, java.lang.String, java.lang.String) - */ - @ApiDoc( - method = DELETE, - path = "/authz/ns/:ns", - params = { "ns|string|true" }, - expectedCode = 200, - errorCodes = { 403,404,424 }, - text = { "Delete the Namespace :ns. Namespaces cannot normally be deleted when there ", - "are still credentials associated with them, but they can be deleted by setting ", - "the \"force\" property. To do this: Add 'force=true' as a query parameter", - "

WARNING: Using force will delete all credentials attached to this namespace. Use with care.

" - + "if the \"force\" property is set to 'force=move', then Permissions and Roles are not deleted," - + "but are retained, and assigned to the Parent Namespace. 'force=move' is not permitted " - + "at or below Application Scope" - } - ) - @Override - public Result deleteNS(AuthzTrans trans, String ns) { - return func.deleteNS(trans, ns); - } - - -/*********************************** - * PERM - ***********************************/ - - /* - * (non-Javadoc) - * @see org.onap.aaf.authz.service.AuthzService#createOrUpdatePerm(org.onap.aaf.authz.env.AuthzTrans, java.lang.Object, boolean, java.lang.String, java.lang.String, java.lang.String, java.util.List, java.util.List) - */ - @ApiDoc( - method = POST, - path = "/authz/perm", - params = {}, - expectedCode = 201, - errorCodes = {403,404,406,409}, - text = { "Permission consists of:", - "
  • type - a Namespace qualified identifier specifying what kind of resource " - + "is being protected
    • ", - "
  • instance - a key, possibly multi-dimensional, that identifies a specific " - + " instance of the type
    • ", - "
  • action - what kind of action is allowed
", - "Note: instance and action can be an *" - } - ) - @Override - public Result createPerm(final AuthzTrans trans,REQUEST rreq) { - final Result newPd = mapper.perm(trans, rreq); - final Validator v = new Validator(trans); - if(v.perm(newPd).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - - Result fd = mapper.future(trans, PermDAO.TABLE, rreq, newPd.value,false, - new Mapper.Memo() { - @Override - public String get() { - return "Create Permission [" + - newPd.value.fullType() + '|' + - newPd.value.instance + '|' + - newPd.value.action + ']'; - } - }, - new MayChange() { - private Result nsd; - @Override - public Result mayChange() { - if(nsd==null) { - nsd = ques.mayUser(trans, trans.user(), newPd.value, Access.write); - } - return nsd; - } - }); - Result> nsr = ques.nsDAO.read(trans, newPd.value.ns); - if(nsr.notOKorIsEmpty()) { - return Result.err(nsr); - } - switch(fd.status) { - case OK: - Result> rfc = func.createFuture(trans,fd.value, - newPd.value.fullType() + '|' + newPd.value.instance + '|' + newPd.value.action, - trans.user(), - nsr.value.get(0), - "C"); - if(rfc.isOK()) { - return Result.err(Status.ACC_Future, "Perm [%s.%s|%s|%s] is saved for future processing", - newPd.value.ns, - newPd.value.type, - newPd.value.instance, - newPd.value.action); - } else { - return Result.err(rfc); - } - case Status.ACC_Now: - return func.createPerm(trans, newPd.value, true); - default: - return Result.err(fd); - } - } - - @ApiDoc( - method = GET, - path = "/authz/perms/:type", - params = {"type|string|true"}, - expectedCode = 200, - errorCodes = { 404,406 }, - text = { "List All Permissions that match the :type element of the key" } - ) - @Override - public Result getPermsByType(AuthzTrans trans, final String permType) { - final Validator v = new Validator(); - if(v.nullOrBlank("PermType", permType).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - - Result> rlpd = ques.getPermsByType(trans, permType); - if(rlpd.notOK()) { - return Result.err(rlpd); - } - -// We don't have instance & action for mayUserView... do we want to loop through all returned here as well as in mapper? -// Result r; -// if((r = ques.mayUserViewPerm(trans, trans.user(), permType)).notOK())return Result.err(r); - - PERMS perms = mapper.newInstance(API.PERMS); - if(!rlpd.isEmpty()) { - // Note: Mapper will restrict what can be viewed - return mapper.perms(trans, rlpd.value, perms, true); - } - return Result.ok(perms); - } - - @ApiDoc( - method = GET, - path = "/authz/perms/:type/:instance/:action", - params = {"type|string|true", - "instance|string|true", - "action|string|true"}, - expectedCode = 200, - errorCodes = { 404,406 }, - text = { "List Permissions that match key; :type, :instance and :action" } - ) - @Override - public Result getPermsByName(AuthzTrans trans, String type, String instance, String action) { - final Validator v = new Validator(); - if(v.nullOrBlank("PermType", type).err() - || v.nullOrBlank("PermInstance", instance).err() - || v.nullOrBlank("PermAction", action).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - - Result> rlpd = ques.getPermsByName(trans, type, instance, action); - if(rlpd.notOK()) { - return Result.err(rlpd); - } - - PERMS perms = mapper.newInstance(API.PERMS); - if(!rlpd.isEmpty()) { - // Note: Mapper will restrict what can be viewed - return mapper.perms(trans, rlpd.value, perms, true); - } - return Result.ok(perms); - } - - @ApiDoc( - method = GET, - path = "/authz/perms/user/:user", - params = {"user|string|true"}, - expectedCode = 200, - errorCodes = { 404,406 }, - text = { "List All Permissions that match user :user", - "

'user' must be expressed as full identity (ex: id@full.domain.com)

"} - ) - @Override - public Result getPermsByUser(AuthzTrans trans, String user) { - final Validator v = new Validator(); - if(v.nullOrBlank("User", user).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - - Result> rlpd = ques.getPermsByUser(trans, user, trans.forceRequested()); - if(rlpd.notOK()) { - return Result.err(rlpd); - } - - PERMS perms = mapper.newInstance(API.PERMS); - - if(rlpd.isEmpty()) { - return Result.ok(perms); - } - // Note: Mapper will restrict what can be viewed - // if user is the same as that which is looked up, no filtering is required - return mapper.perms(trans, rlpd.value, - perms, - !user.equals(trans.user())); - } - - @ApiDoc( - method = POST, - path = "/authz/perms/user/:user", - params = {"user|string|true"}, - expectedCode = 200, - errorCodes = { 404,406 }, - text = { "List All Permissions that match user :user", - "

'user' must be expressed as full identity (ex: id@full.domain.com)

", - "", - "Present Queries as one or more Permissions (see ContentType Links below for format).", - "", - "If the Caller is Granted this specific Permission, and the Permission is valid", - " for the User, it will be included in response Permissions, along with", - " all the normal permissions on the 'GET' version of this call. If it is not", - " valid, or Caller does not have permission to see, it will be removed from the list", - "", - " *Note: This design allows you to make one call for all expected permissions", - " The permission to be included MUST be:", - " .access|:[:key]|", - " examples:", - " com.att.myns.access|:ns|write", - " com.att.myns.access|:role:myrole|create", - " com.att.myns.access|:perm:mytype:myinstance:myaction|read", - "" - } - ) - @Override - public Result getPermsByUser(AuthzTrans trans, PERMS _perms, String user) { - PERMS perms = _perms; - final Validator v = new Validator(); - if(v.nullOrBlank("User", user).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - - ////////////// - Result> rlpd = ques.getPermsByUser(trans, user,trans.forceRequested()); - if(rlpd.notOK()) { - return Result.err(rlpd); - } - - /*//TODO - 1) See if allowed to query - 2) See if User is allowed - */ - Result> in = mapper.perms(trans, perms); - if(in.isOKhasData()) { - List out = rlpd.value; - boolean ok; - for(PermDAO.Data pdd : in.value) { - ok = false; - if("access".equals(pdd.type)) { - Access access = Access.valueOf(pdd.action); - String[] mdkey = Split.splitTrim(':',pdd.instance); - if(mdkey.length>1) { - String type = mdkey[1]; - if("role".equals(type)) { - if(mdkey.length>2) { - RoleDAO.Data rdd = new RoleDAO.Data(); - rdd.ns=pdd.ns; - rdd.name=mdkey[2]; - ok = ques.mayUser(trans, trans.user(), rdd, Access.read).isOK() && ques.mayUser(trans, user, rdd , access).isOK(); - } - } else if("perm".equals(type)) { - if(mdkey.length>4) { // also need instance/action - PermDAO.Data p = new PermDAO.Data(); - p.ns=pdd.ns; - p.type=mdkey[2]; - p.instance=mdkey[3]; - p.action=mdkey[4]; - ok = ques.mayUser(trans, trans.user(), p, Access.read).isOK() && ques.mayUser(trans, user, p , access).isOK(); - } - } else if("ns".equals(type)) { - NsDAO.Data ndd = new NsDAO.Data(); - ndd.name=pdd.ns; - ok = ques.mayUser(trans, trans.user(), ndd, Access.read).isOK() && ques.mayUser(trans, user, ndd , access).isOK(); - } - } - } - if(ok) { - out.add(pdd); - } - } - } - - perms = mapper.newInstance(API.PERMS); - if(rlpd.isEmpty()) { - return Result.ok(perms); - } - // Note: Mapper will restrict what can be viewed - // if user is the same as that which is looked up, no filtering is required - return mapper.perms(trans, rlpd.value, - perms, - !user.equals(trans.user())); - } - - @ApiDoc( - method = GET, - path = "/authz/perms/role/:role", - params = {"role|string|true"}, - expectedCode = 200, - errorCodes = { 404,406 }, - text = { "List All Permissions that are granted to :role" } - ) - @Override - public Result getPermsByRole(AuthzTrans trans,String role) { - final Validator v = new Validator(); - if(v.nullOrBlank("Role", role).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - - Result rrdd = RoleDAO.Data.decode(trans, ques,role); - if(rrdd.notOK()) { - return Result.err(rrdd); - } - - Result r = ques.mayUser(trans, trans.user(), rrdd.value, Access.read); - if(r.notOK()) { - return Result.err(r); - } - - PERMS perms = mapper.newInstance(API.PERMS); - - Result> rlpd = ques.getPermsByRole(trans, role, trans.forceRequested()); - if(rlpd.isOKhasData()) { - // Note: Mapper will restrict what can be viewed - return mapper.perms(trans, rlpd.value, perms, true); - } - return Result.ok(perms); - } - - @ApiDoc( - method = GET, - path = "/authz/perms/ns/:ns", - params = {"ns|string|true"}, - expectedCode = 200, - errorCodes = { 404,406 }, - text = { "List All Permissions that are in Namespace :ns" } - ) - @Override - public Result getPermsByNS(AuthzTrans trans,String ns) { - final Validator v = new Validator(); - if(v.nullOrBlank("NS", ns).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - - Result rnd = ques.deriveNs(trans, ns); - if(rnd.notOK()) { - return Result.err(rnd); - } - - rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read); - if(rnd.notOK()) { - return Result.err(rnd); - } - - Result> rlpd = ques.permDAO.readNS(trans, ns); - if(rlpd.notOK()) { - return Result.err(rlpd); - } - - PERMS perms = mapper.newInstance(API.PERMS); - if(!rlpd.isEmpty()) { - // Note: Mapper will restrict what can be viewed - return mapper.perms(trans, rlpd.value,perms, true); - } - return Result.ok(perms); - } - - @ApiDoc( - method = PUT, - path = "/authz/perm/:type/:instance/:action", - params = {"type|string|true", - "instance|string|true", - "action|string|true"}, - expectedCode = 200, - errorCodes = { 404,406, 409 }, - text = { "Rename the Permission referenced by :type :instance :action, and " - + "rename (copy/delete) to the Permission described in PermRequest" } - ) - @Override - public Result renamePerm(final AuthzTrans trans,REQUEST rreq, String origType, String origInstance, String origAction) { - final Result newPd = mapper.perm(trans, rreq); - final Validator v = new Validator(trans); - if(v.perm(newPd).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - - if (ques.mayUser(trans, trans.user(), newPd.value,Access.write).notOK()) { - return Result.err(Status.ERR_Denied, "You do not have approval to change Permission [%s.%s|%s|%s]", - newPd.value.ns,newPd.value.type,newPd.value.instance,newPd.value.action); - } - - Result nss = ques.deriveNsSplit(trans, origType); - Result> origRlpd = ques.permDAO.read(trans, nss.value.ns, nss.value.name, origInstance, origAction); - - if(origRlpd.notOKorIsEmpty()) { - return Result.err(Status.ERR_PermissionNotFound, - "Permission [%s|%s|%s] does not exist", - origType,origInstance,origAction); - } - - PermDAO.Data origPd = origRlpd.value.get(0); - - if (!origPd.ns.equals(newPd.value.ns)) { - return Result.err(Status.ERR_Denied, "Cannot change namespace with rename command. " + - " must start with [" + origPd.ns + "]"); - } - - if ( origPd.type.equals(newPd.value.type) && - origPd.action.equals(newPd.value.action) && - origPd.instance.equals(newPd.value.instance) ) { - return Result.err(Status.ERR_ConflictAlreadyExists, "New Permission must be different than original permission"); - } - - Set origRoles = origPd.roles(false); - if (!origRoles.isEmpty()) { - Set roles = newPd.value.roles(true); - for (String role : origPd.roles) { - roles.add(role); - } - } - - newPd.value.description = origPd.description; - - Result rv = null; - - rv = func.createPerm(trans, newPd.value, false); - if (rv.isOK()) { - rv = func.deletePerm(trans, origPd, true, false); - } - return rv; - } - - @ApiDoc( - method = PUT, - path = "/authz/perm", - params = {}, - expectedCode = 200, - errorCodes = { 404,406 }, - text = { "Add Description Data to Perm" } - ) - @Override - public Result updatePermDescription(AuthzTrans trans, REQUEST from) { - final Result pd = mapper.perm(trans, from); - final Validator v = new Validator(trans); - if(v.perm(pd).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - if(v.nullOrBlank("description", pd.value.description).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - final PermDAO.Data perm = pd.value; - if(ques.permDAO.read(trans, perm.ns, perm.type, perm.instance,perm.action).notOKorIsEmpty()) { - return Result.err(Status.ERR_NotFound, "Permission [%s.%s|%s|%s] does not exist", - perm.ns,perm.type,perm.instance,perm.action); - } - - if (ques.mayUser(trans, trans.user(), perm, Access.write).notOK()) { - return Result.err(Status.ERR_Denied, "You do not have approval to change Permission [%s.%s|%s|%s]", - perm.ns,perm.type,perm.instance,perm.action); - } - - Result> nsr = ques.nsDAO.read(trans, pd.value.ns); - if(nsr.notOKorIsEmpty()) { - return Result.err(nsr); - } - - Result rdr = ques.permDAO.addDescription(trans, perm.ns, perm.type, perm.instance, - perm.action, perm.description); - if(rdr.isOK()) { - return Result.ok(); - } else { - return Result.err(rdr); - } - - } - - @ApiDoc( - method = PUT, - path = "/authz/role/perm", - params = {}, - expectedCode = 201, - errorCodes = {403,404,406,409}, - text = { "Set a permission's roles to roles given" } - ) - - @Override - public Result resetPermRoles(final AuthzTrans trans, REQUEST rreq) { - final Result updt = mapper.permFromRPRequest(trans, rreq); - if(updt.notOKorIsEmpty()) { - return Result.err(updt); - } - - final Validator v = new Validator(trans); - if(v.perm(updt).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - - Result nsd = ques.mayUser(trans, trans.user(), updt.value, Access.write); - if (nsd.notOK()) { - return Result.err(nsd); - } - - // Read full set to get CURRENT values - Result> rcurr = ques.permDAO.read(trans, - updt.value.ns, - updt.value.type, - updt.value.instance, - updt.value.action); - - if(rcurr.notOKorIsEmpty()) { - return Result.err(Status.ERR_PermissionNotFound, - "Permission [%s.%s|%s|%s] does not exist", - updt.value.ns,updt.value.type,updt.value.instance,updt.value.action); - } - - // Create a set of Update Roles, which are in Internal Format - Set updtRoles = new HashSet(); - Result nss; - for(String role : updt.value.roles(false)) { - nss = ques.deriveNsSplit(trans, role); - if(nss.isOK()) { - updtRoles.add(nss.value.ns + '|' + nss.value.name); - } else { - trans.error().log(nss.errorString()); - } - } - - Result rv = null; - - for(PermDAO.Data curr : rcurr.value) { - Set currRoles = curr.roles(false); - // must add roles to this perm, and add this perm to each role - // in the update, but not in the current - for (String role : updtRoles) { - if (!currRoles.contains(role)) { - Result key = RoleDAO.Data.decode(trans, ques, role); - if(key.isOKhasData()) { - Result> rrd = ques.roleDAO.read(trans, key.value); - if(rrd.isOKhasData()) { - for(RoleDAO.Data r : rrd.value) { - rv = func.addPermToRole(trans, r, curr, false); - if (rv.notOK() && rv.status!=Result.ERR_ConflictAlreadyExists) { - return Result.err(rv); - } - } - } else { - return Result.err(rrd); - } - } - } - } - // similarly, must delete roles from this perm, and delete this perm from each role - // in the update, but not in the current - for (String role : currRoles) { - if (!updtRoles.contains(role)) { - Result key = RoleDAO.Data.decode(trans, ques, role); - if(key.isOKhasData()) { - Result> rdd = ques.roleDAO.read(trans, key.value); - if(rdd.isOKhasData()) { - for(RoleDAO.Data r : rdd.value) { - rv = func.delPermFromRole(trans, r, curr, true); - if (rv.notOK() && rv.status!=Status.ERR_PermissionNotFound) { - return Result.err(rv); - } - } - } - } - } - } - } - return rv==null?Result.ok():rv; - } - - @ApiDoc( - method = DELETE, - path = "/authz/perm", - params = {}, - expectedCode = 200, - errorCodes = { 404,406 }, - text = { "Delete the Permission referenced by PermKey.", - "You cannot normally delete a permission which is still granted to roles,", - "however the \"force\" property allows you to do just that. To do this: Add", - "'force=true' as a query parameter.", - "

WARNING: Using force will ungrant this permission from all roles. Use with care.

" } - ) - @Override - public Result deletePerm(final AuthzTrans trans, REQUEST from) { - Result pd = mapper.perm(trans, from); - if(pd.notOK()) { - return Result.err(pd); - } - final Validator v = new Validator(trans); - if(v.nullOrBlank(pd.value).err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - final PermDAO.Data perm = pd.value; - if (ques.permDAO.read(trans, perm).notOKorIsEmpty()) { - return Result.err(Status.ERR_PermissionNotFound, "Permission [%s.%s|%s|%s] does not exist", - perm.ns,perm.type,perm.instance,perm.action ); - } - - Result fd = mapper.future(trans,PermDAO.TABLE,from,perm,false, - new Mapper.Memo() { - @Override - public String get() { - return "Delete Permission [" + perm.fullPerm() + ']'; - } - }, - new MayChange() { - private Result nsd; - @Override - public Result mayChange() { - if(nsd==null) { - nsd = ques.mayUser(trans, trans.user(), perm, Access.write); - } - return nsd; - } - }); - - switch(fd.status) { - case OK: - Result> nsr = ques.nsDAO.read(trans, perm.ns); - if(nsr.notOKorIsEmpty()) { - return Result.err(nsr); - } - - Result> rfc = func.createFuture(trans, fd.value, - perm.encode(), trans.user(),nsr.value.get(0),"D"); - if(rfc.isOK()) { - return Result.err(Status.ACC_Future, "Perm Deletion [%s] is saved for future processing",perm.encode()); - } else { - return Result.err(rfc); - } - case Status.ACC_Now: - return func.deletePerm(trans,perm,trans.forceRequested(), false); - default: - return Result.err(fd); - } - } - - @ApiDoc( - method = DELETE, - path = "/authz/perm/:name/:type/:action", - params = {"type|string|true", - "instance|string|true", - "action|string|true"}, - expectedCode = 200, - errorCodes = { 404,406 }, - text = { "Delete the Permission referenced by :type :instance :action", - "You cannot normally delete a permission which is still granted to roles,", - "however the \"force\" property allows you to do just that. To do this: Add", - "'force=true' as a query parameter", - "

WARNING: Using force will ungrant this permission from all roles. Use with care.

"} - ) - @Override - public Result deletePerm(AuthzTrans trans, String type, String instance, String action) { - final Validator v = new Validator(trans); - if(v.nullOrBlank("Type",type) - .nullOrBlank("Instance",instance) - .nullOrBlank("Action",action) - .err()) { - return Result.err(Status.ERR_BadData,v.errs()); - } - - Result pd = ques.permFrom(trans, type, instance, action); - if(pd.isOK()) { - return func.deletePerm(trans, pd.value, trans.forceRequested(), false); - } else { - return Result.err(pd); - } - } - -/*********************************** - * ROLE - ***********************************/ - @ApiDoc( - method = POST, - path = "/authz/role", - params = {}, - expectedCode = 201, - errorCodes = {403,404,406,409}, - text = { - - "Roles are part of Namespaces", - "Examples:", - "