shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java

   1 /**
   2  * ============LICENSE_START====================================================
   3  * org.onap.aaf
   4  * ===========================================================================
   5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
   6  * ===========================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END====================================================
  19  *
  20  */
  21 package org.onap.aaf.cadi.shiro;
  22
  23 import java.security.Principal;
  24 import java.util.ArrayList;
  25 import java.util.Collection;
  26 import java.util.List;
  27
  28 import org.apache.shiro.authz.AuthorizationInfo;
  29 import org.apache.shiro.authz.Permission;
  30 import org.onap.aaf.cadi.Access;
  31 import org.onap.aaf.cadi.Access.Level;
  32 import org.onap.aaf.cadi.aaf.AAFPermission;
  33
  34 /**
  35  * We treat "roles" and "permissions" in a similar way for first pass.
  36  *
  37  * @author JonathanGathman
  38  *
  39  */
  40 public class AAFAuthorizationInfo implements AuthorizationInfo {
  41         private static final long serialVersionUID = -4805388954462426018L;
  42
  43         private Access access;
  44         private Principal bait;
  45         private List<org.onap.aaf.cadi.Permission> pond;
  46         // Use these to save conversions
  47         private List<org.onap.aaf.cadi.Permission> cPerms;
  48         private List<Permission> oPerms;
  49         private List<String> sPerms;
  50
  51         public AAFAuthorizationInfo(Access access, Principal bait) {
  52                 this.access = access;
  53                 this.bait = bait;
  54                 cPerms=null;
  55                 oPerms=null;
  56                 sPerms=null;
  57                 pond=null;
  58         }
  59
  60         public AAFAuthorizationInfo(Access access, Principal bait, List<org.onap.aaf.cadi.Permission> pond) {
  61                 this.access = access;
  62                 this.bait = bait;
  63                 this.pond = pond;
  64                 oPerms=null;
  65                 sPerms=null;
  66                 cPerms=null;
  67         }
  68
  69         public Principal principal() {
  70                 return bait;
  71         }
  72
  73         @Override
  74         public Collection<Permission> getObjectPermissions() {
  75                 access.log(Level.DEBUG, "AAFAuthorizationInfo.getObjectPermissions");
  76                 synchronized(bait) {
  77                         if(oPerms == null) {
  78                                 if (pond != null) {
  79                                         oPerms = new ArrayList<Permission>();
  80                                         for(final org.onap.aaf.cadi.Permission p : pond) {
  81                                                 oPerms.add(new AAFShiroPermission(p));
  82                                         }
  83                                 } else {
  84                                         oPerms = new ArrayList<>();
  85                                         if (cPerms == null) {
  86                                                 cPerms = new ArrayList<>();
  87                                                 AAFRealm.singleton.authz.fishAll(bait, cPerms);
  88                                         }
  89                                         for (final org.onap.aaf.cadi.Permission p : cPerms) {
  90                                                 oPerms.add(new AAFShiroPermission(p));
  91                                         }
  92                                 }
  93                         }
  94                 }
  95                 return oPerms;
  96         }
  97
  98         @Override
  99         public Collection<String> getRoles() {
 100                 access.log(Level.DEBUG,"AAFAuthorizationInfo.getRoles");
 101                 // Until we decide to make Roles available, tie into String based permissions.
 102                 return getStringPermissions();
 103         }
 104
 105         @Override
 106         public Collection<String> getStringPermissions() {
 107                 access.log(Level.DEBUG,"AAFAuthorizationInfo.getStringPermissions");
 108                 synchronized(bait) {
 109                         if(sPerms == null) {
 110                                 if (pond != null) {
 111                                         sPerms = new ArrayList<String>();
 112                                         for(org.onap.aaf.cadi.Permission p : pond) {
 113                                                 sPerms.add(p.getKey().replace("|", ":"));
 114                                                 access.printf(Level.INFO, "%s has %s", bait.getName(), p.getKey());
 115                                         }
 116                                 } else {
 117                                         sPerms = new ArrayList<>();
 118                                         if (cPerms == null) {
 119                                                 cPerms = new ArrayList<>();
 120                                                 AAFRealm.singleton.authz.fishAll(bait, cPerms);
 121                                         }
 122                                         for (final org.onap.aaf.cadi.Permission p : cPerms) {
 123                                                 sPerms.add(p.getKey());
 124                                         }
 125                                 }
 126                         }
 127                 }
 128                 return sPerms;
 129         }
 130
 131 }