2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
21 package org.onap.aaf.cadi.shiro;
23 import java.security.Principal;
24 import java.util.ArrayList;
25 import java.util.Collection;
26 import java.util.List;
28 import org.apache.shiro.authz.AuthorizationInfo;
29 import org.apache.shiro.authz.Permission;
30 import org.onap.aaf.cadi.Access;
31 import org.onap.aaf.cadi.Access.Level;
32 import org.onap.aaf.cadi.aaf.AAFPermission;
35 * We treat "roles" and "permissions" in a similar way for first pass.
37 * @author JonathanGathman
40 public class AAFAuthorizationInfo implements AuthorizationInfo {
41 private static final long serialVersionUID = -4805388954462426018L;
43 private Access access;
44 private Principal bait;
45 private List<org.onap.aaf.cadi.Permission> pond;
46 // Use these to save conversions
47 private List<org.onap.aaf.cadi.Permission> cPerms;
48 private List<Permission> oPerms;
49 private List<String> sPerms;
51 public AAFAuthorizationInfo(Access access, Principal bait) {
60 public AAFAuthorizationInfo(Access access, Principal bait, List<org.onap.aaf.cadi.Permission> pond) {
69 public Principal principal() {
74 public Collection<Permission> getObjectPermissions() {
75 access.log(Level.DEBUG, "AAFAuthorizationInfo.getObjectPermissions");
79 oPerms = new ArrayList<Permission>();
80 for(final org.onap.aaf.cadi.Permission p : pond) {
81 oPerms.add(new AAFShiroPermission(p));
84 oPerms = new ArrayList<>();
86 cPerms = new ArrayList<>();
87 AAFRealm.singleton.authz.fishAll(bait, cPerms);
89 for (final org.onap.aaf.cadi.Permission p : cPerms) {
90 oPerms.add(new AAFShiroPermission(p));
99 public Collection<String> getRoles() {
100 access.log(Level.DEBUG,"AAFAuthorizationInfo.getRoles");
101 // Until we decide to make Roles available, tie into String based permissions.
102 return getStringPermissions();
106 public Collection<String> getStringPermissions() {
107 access.log(Level.DEBUG,"AAFAuthorizationInfo.getStringPermissions");
111 sPerms = new ArrayList<String>();
112 for(org.onap.aaf.cadi.Permission p : pond) {
113 sPerms.add(p.getKey().replace("|", ":"));
114 access.printf(Level.INFO, "%s has %s", bait.getName(), p.getKey());
117 sPerms = new ArrayList<>();
118 if (cPerms == null) {
119 cPerms = new ArrayList<>();
120 AAFRealm.singleton.authz.fishAll(bait, cPerms);
122 for (final org.onap.aaf.cadi.Permission p : cPerms) {
123 sPerms.add(p.getKey());