2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * Modifications Copyright (C) 2019 IBM.
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
22 package org.onap.dmaap.dbcapi.aaf;
24 import java.io.IOException;
25 import java.security.Principal;
26 import java.util.ArrayList;
27 import java.util.List;
29 import org.onap.aaf.cadi.Access;
30 import org.onap.aaf.cadi.CadiException;
31 import org.onap.aaf.cadi.LocatorException;
32 import org.onap.aaf.cadi.Permission;
33 import org.onap.aaf.cadi.aaf.AAFPermission;
34 import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
35 import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
36 import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
37 import org.onap.aaf.cadi.principal.UnAuthPrincipal;
38 import org.onap.aaf.misc.env.APIException;
39 import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
42 * this service uses the AAF Lur object to look up identities and permissions
44 public class AafLurService extends BaseLoggingClass {
// AAF CADI handles shared by every caller: they are static (one per process), not final,
// and only populated by init(). Until init() has succeeded they are null, which is why
// checkPerm() null-checks aafAuthn and aafLur before using them.
46 private static AAFConHttp aafcon;
// Permission lookup (LUR) built from aafcon in init().
47 private static AAFLurPerm aafLur;
// Credential validator built from aafcon and aafLur in init().
48 private static AAFAuthn<?> aafAuthn;
52 * singleton pattern suggested by AAF
// Created lazily by getInstance(); that method is synchronized, which is the only guard on this field.
54 private static AafLurService singleton;
// Instances are obtained solely through getInstance().
55 private AafLurService() {}
/*
 * Builds the static AAF handles from the supplied Access, in dependency order: the HTTP
 * connection (aafcon), then the permission LUR from it, then the authenticator from both.
 * Each construction failure is logged to appLogger and errorLogger inside its catch block.
 * The method declares APIException, CadiException and LocatorException, but the lines that
 * close each catch block are not reproduced in this excerpt, so whether the caught exception
 * is rethrown cannot be confirmed here. If it is not, aafcon stays null after a failed
 * AAFConHttp construction and the newLur() call below would fail with a NullPointerException.
 */
59 private static void init( Access myAccess ) throws APIException, CadiException, LocatorException {
// NOTE(review): the Access object is logged via its toString() — confirm it carries no credentials or secret properties.
60 appLogger.info( "myAccess=" + myAccess );
62 aafcon = new AAFConHttp( myAccess );
63 } catch ( CadiException | LocatorException e) {
// Only the message is recorded here: neither the stack trace nor the cause chain reaches either log.
64 appLogger.error( "Failure of AAFConHttp: " + e.getMessage() );
65 errorLogger.error( "Failure of AAFConHttp: " + e.getMessage() );
// Repeats the message already written to errorLogger on the previous line.
66 errorLogger.error(e.getMessage());
// Second stage: the permission LUR, which requires a constructed aafcon.
71 aafLur = aafcon.newLur();
72 } catch ( CadiException e) {
// Same message-only logging as above; the stack trace is not preserved.
73 appLogger.error( "Failure of newLur(): " + e.getMessage() );
74 errorLogger.error( "Failure of newLur(): " + e.getMessage() );
75 errorLogger.error(e.getMessage());
// Third stage: the authenticator depends on both handles created above.
79 aafAuthn = aafcon.newAuthn( aafLur );
/**
 * Returns the process-wide AafLurService, creating it on first use.
 * <p>
 * Synchronized so that concurrent first callers cannot both construct the instance.
 * Only the first caller's Access is ever used: once singleton is non-null the myAccess
 * argument is ignored entirely.
 * <p>
 * Ordering matters here: singleton is assigned before the try block (whose body is not
 * reproduced in this excerpt, presumably the init(myAccess) call) runs. If that
 * initialisation throws, every later call still receives the same instance, whose static
 * aafcon/aafLur/aafAuthn may remain null; checkPerm() relies on its own null checks to
 * refuse work in that state. The catch below logs only the message; the rest of the
 * method, including whether the exception is rethrown to the caller, is not shown here.
 *
 * @param myAccess the CADI Access used to initialise the AAF connection (first call only)
 * @return the shared AafLurService instance
 * @throws APIException, CadiException, LocatorException as declared; propagation from the
 *         catch block cannot be confirmed from the visible lines
 */
82 public static synchronized AafLurService getInstance( Access myAccess ) throws APIException, CadiException, LocatorException{
83 if ( singleton == null ) {
// Assigned before initialisation completes — see the class-level note above on partial initialisation.
84 singleton = new AafLurService();
87 } catch (APIException | CadiException | LocatorException e) {
// Message only: the stack trace and cause are not recorded.
88 errorLogger.error(e.getMessage());
97 public boolean checkPerm(String ns, String fqi, String pwd, DmaapPerm p) throws IOException, CadiException {
101 if ( aafAuthn == null ) {
102 appLogger.error( "AafLurService: aafAuthn not set as expected.");
106 String ok = aafAuthn.validate( fqi, pwd );
108 appLogger.info( "FAILED validation of fqi=" + fqi + "with response:" + ok );
112 Principal principal = new UnAuthPrincipal( fqi );
113 // if we pass ns as first arg to AAFPermission constructor it gets prpended to the instance...
114 // as in ns|instance|type|action. we don't want that.
115 Permission aafPerm = new AAFPermission( null, p.getPermission(), p.getPtype(), p.getAction());
116 if ( aafLur == null ) {
117 appLogger.error( "AafLurService: aafLur not set as expected.");
120 rc = aafLur.fish( principal, aafPerm );
126 List<Permission> perms = new ArrayList<>();
127 aafLur.fishAll( principal, perms);
128 String key = aafPerm.getKey();
129 for ( Permission prm: perms ) {
130 if ( prm.getKey().equals( key )) {
131 appLogger.info( principal + " has MATCHING perm " + prm.getKey() );
133 appLogger.info( principal + " has non-matching perm " + prm.getKey() );