Put MapBath code in Shiro 38/72438/1
authorInstrumental <jonathan.gathman@att.com>
Mon, 12 Nov 2018 16:57:07 +0000 (10:57 -0600)
committerInstrumental <jonathan.gathman@att.com>
Mon, 12 Nov 2018 16:57:14 +0000 (10:57 -0600)
Issue-ID: AAF-618
Change-Id: Ibbee25744a479d40ed438f926d0d3785a76fc5d1
Signed-off-by: Instrumental <jonathan.gathman@att.com>
pom.xml
shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java

diff --git a/pom.xml b/pom.xml
index 039d9e9..5fd7397 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
        <modelVersion>4.0.0</modelVersion>
        <groupId>org.onap.aaf.cadi</groupId>
        <artifactId>parent</artifactId>
-       <version>2.1.7-SNAPSHOT</version>
+       <version>2.1.7</version>
        <name>CADI Plugins Parent</name>
        <packaging>pom</packaging>
 
index ccdaf73..96af26e 100644 (file)
@@ -37,10 +37,13 @@ import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.cadi.LocatorException;
 import org.onap.aaf.cadi.Permission;
 import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.Symm;
 import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
 import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
 import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
 import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.MapBathConverter;
+import org.onap.aaf.cadi.util.CSV;
 import org.onap.aaf.misc.env.APIException;
 
 public class AAFRealm extends AuthorizingRealm {
@@ -51,6 +54,7 @@ public class AAFRealm extends AuthorizingRealm {
        private AAFAuthn<?> authn;
        private HashSet<Class<? extends AuthenticationToken>> supports;
        private AAFLurPerm authz;
+       private MapBathConverter mbc;
        
 
        /**
@@ -60,6 +64,7 @@ public class AAFRealm extends AuthorizingRealm {
         */
        public AAFRealm () {
                access = new PropAccess(); // pick up cadi_prop_files from VM_Args
+               mbc = null;
                String cadi_prop_files = access.getProperty(Config.CADI_PROP_FILES);
                if(cadi_prop_files==null) {
                        String msg = Config.CADI_PROP_FILES + " in VM Args is required to initialize AAFRealm.";
@@ -70,6 +75,15 @@ public class AAFRealm extends AuthorizingRealm {
                                acon = AAFCon.newInstance(access);
                                authn = acon.newAuthn();
                                authz = acon.newLur(authn);
+                               
+                               final String csv = access.getProperty(Config.CADI_BATH_CONVERT);
+                               if(csv!=null) {
+                                       try {
+                                               mbc = new MapBathConverter(access, new CSV(csv));
+                                       } catch (IOException e) {
+                                               access.log(e);
+                                       }
+                               }
                        } catch (APIException | CadiException | LocatorException e) {
                                String msg = "Cannot initiate AAFRealm";
                                access.log(Level.INIT,msg,e.getMessage());
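Review bot: When `Config.CADI_BATH_CONVERT` is set but the CSV cannot be read, the new `catch (IOException e)` only calls `access.log(e)` and leaves `mbc` null, so the realm starts and authenticates with no credential conversion, and the log does not say which setting failed. Logging it the way the outer catch does would make the degraded state visible, e.g. `access.log(Level.INIT, "Cannot load " + Config.CADI_BATH_CONVERT + ", credential conversion disabled", e.getMessage());`. If the mapping is mandatory for a deployment, the constructor should fail instead of continuing. The constructor and its enclosing try block start and end outside this hunk.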
@@ -85,10 +99,27 @@ public class AAFRealm extends AuthorizingRealm {
                access.log(Level.DEBUG, "AAFRealm.doGetAuthenticationInfo",token);
                
                final UsernamePasswordToken upt = (UsernamePasswordToken)token;
+               String user = upt.getUsername();
                String password=new String(upt.getPassword());
+               if(mbc!=null) {
+                       try {
+                               final String oldBath = "Basic " + Symm.base64noSplit.encode(user+':'+password);
+                               String bath = mbc.convert(access, oldBath);
+                               if(bath!=oldBath) {
+                                       bath = Symm.base64noSplit.decode(bath.substring(6));
+                                       int colon = bath.indexOf(':');
+                                       if(colon>=0) {
+                                               user = bath.substring(0, colon);
+                                               password = bath.substring(colon+1);
+                                       }
+                               }
+                       } catch (IOException e) {
+                               access.log(e);
+                       } 
+               }
                String err;
                try {
-                       err = authn.validate(upt.getUsername(),password);
+                       err = authn.validate(user,password);
                } catch (IOException e) {
                        err = "Credential cannot be validated";
                        access.log(e, err);
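Review bot: `if(bath!=oldBath)` compares String references, so the branch depends on `mbc.convert` returning the very same object when no mapping applies, and the following `bath.substring(6)` assumes the result is non-null and starts with `Basic `; a short or differently prefixed value would throw an unchecked exception that `catch (IOException e)` does not cover. A guard such as `if(bath!=null && !bath.equals(oldBath) && bath.startsWith("Basic ")) {` makes both assumptions explicit. When the decoded value has no colon, the code silently keeps the original credentials; a log line there would help diagnose a malformed mapping entry. The block also creates further immutable String copies of the cleartext password (`user+':'+password` and the decoded `bath`) that cannot be cleared, which deserves at least a comment. doGetAuthenticationInfo starts and ends outside this hunk.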
@@ -101,7 +132,7 @@ public class AAFRealm extends AuthorizingRealm {
 
            return new AAFAuthenticationInfo(
                        access,
-                       upt.getUsername(),
+                       user,
                        password
            );
        }
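Review bot: Passing the converted `user` here, together with the possibly converted `password` on the next line, means the returned AuthenticationInfo no longer carries what the caller submitted in the token. If credential matching elsewhere in the realm compares the token against this info (not visible in this hunk), a mapped login would fail the match even after `authn.validate` succeeded, so that path needs a test. The Shiro principal, and therefore later authorization, also becomes the mapped identity rather than the submitted one; that looks intended but should be stated in a comment such as `// principal is the converted identity when a MapBath entry applied`. The method starts outside this hunk.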
index 591a56c..f915538 100644 (file)
@@ -27,9 +27,7 @@ import org.apache.shiro.authc.UsernamePasswordToken;
 import org.apache.shiro.authz.AuthorizationInfo;
 import org.apache.shiro.authz.Permission;
 import org.apache.shiro.subject.PrincipalCollection;
-import org.junit.Test;
 import org.onap.aaf.cadi.aaf.AAFPermission;
-import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.shiro.AAFRealm;
 import org.onap.aaf.cadi.shiro.AAFShiroPermission;
 
@@ -37,31 +35,37 @@ import junit.framework.Assert;
 
 public class JU_AAFRealm {
 
-       // TODO: Ian - fix this test
-       // @Test
-       // public void test() {
-       //      // NOTE This is a live test.  This JUnit needs to be built with "Mock"
-       //      try {
-       //              System.setProperty(Config.CADI_PROP_FILES, "/opt/app/osaaf/etc/org.osaaf.common.props");
-       //              TestAAFRealm ar = new TestAAFRealm();
-                       
-       //              UsernamePasswordToken upt = new UsernamePasswordToken("jonathan@people.osaaf.org", "new2You!");
-       //              AuthenticationInfo ani = ar.authn(upt);
-                       
-       //              AuthorizationInfo azi = ar.authz(ani.getPrincipals());
-       //              // Change this to something YOU have, Sai...
-                       
-       //              testAPerm(true,azi,"org.access","something","*");
-       //              testAPerm(false,azi,"org.accessX","something","*");
-       //      } catch (Throwable t) {
-       //              t.printStackTrace();
-       //              Assert.fail();
-       //      }
-       // }
+/*
+ @Test
+ public void test() {
+       // NOTE This is a live test.  This JUnit needs to be built with "Mock" before it can be 
+       // an official JUNIT
+       try {
+               System.setProperty(Config.CADI_PROP_FILES, "/opt/app/osaaf/local/org.onap.aai.props");
+               TestAAFRealm ar = new TestAAFRealm();
+               
+               //UsernamePasswordToken upt = new UsernamePasswordToken("demo@people.osaaf.org", "demo123456!");
+               UsernamePasswordToken upt = new UsernamePasswordToken("AAI", "AAI");
+               
+               AuthenticationInfo ani = ar.authn(upt);
+               
+               AuthorizationInfo azi = ar.authz(ani.getPrincipals());
+               // Change this to something YOU have, Sai...
+               
+               testAPerm(true,azi,"org.onap.aai","resources","something","get");
+               testAPerm(false,azi,"org.osaaf.nons","resources","something","get");
+ //            testAPerm(true,azi,"name","org.access","something","*");
+ //            testAPerm(false,azi,"org.accessX","something","*");
+       } catch (Throwable t) {
+               t.printStackTrace();
+               Assert.fail();
+       }
+ }
+*/
 
-       private void testAPerm(boolean expect, AuthorizationInfo azi, String name, String type, String instance, String action) {
+       private void testAPerm(boolean expect, AuthorizationInfo azi, String ns, String type, String instance, String action) {
                
-               AAFShiroPermission testPerm = new AAFShiroPermission(new AAFPermission(type,name,instance,action,new ArrayList<String>()));
+               AAFShiroPermission testPerm = new AAFShiroPermission(new AAFPermission(ns,type,instance,action,new ArrayList<String>()));
 
                boolean any = false;
                for(Permission p : azi.getObjectPermissions()) {
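Review bot: The re-added test body is still disabled, now as a block comment, and with the `org.junit.Test` import removed in the previous hunk this class runs no tests, so the new conversion path in AAFRealm has no coverage. The commented code also keeps literal usernames and passwords and a host-specific props path in source control; those should be dropped or read from the environment, and the test marked `@Ignore("needs mock AAF")` rather than commented out so it still shows up in reports. The rename of the `testAPerm` parameter to `ns` and the corrected `new AAFPermission(ns,type,instance,action,...)` order look right, but the commented call `testAPerm(false,azi,"org.accessX","something","*")` has one argument fewer than the signature and would not compile if re-enabled.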